WNI KymaStar Plus AP User manual
I
IE
EE
EE
E
8
80
02
2.
.1
1
1
1
W
Wi
ir
re
el
le
es
ss
s
B
Br
ri
i
d
d
E
Ex
xt
te
er
rn
na
al
l
/
/
I
In
nt
t
e
e
K
Ky
ym
m
a
a
A
Ap
p
C
CP
PE
E
Website:
Endereço
TEL :
KymaSTAR Plus
1
1
a
a/
/b
b/
/g
g
d
d
g
ge
e
&
&
R
Ro
ou
ut
te
er
r
e
e
g
gr
ra
al
l
A
An
nt
te
en
nn
na
a
T
Te
er
r
m
m
a
a
S
St
ta
ar
r
P
P
L
L
U
US
SE
ER
R
M
M
Website:
www.wni.com.br
Endereço
: Av. Desembargador Hugo Simas, 1184
TEL :
+55-41-32407600, FAX : +55-41-3240762
2
KymaSTAR Plus
- User’s Guide
0
m
m
i
in
na
al
l
L
L
U
US
S
M
M
A
AN
NU
UA
A
L
L
V
Ve
er
rs
si
io
on
n
0
06
6/
/1
1
5
5
2
J
Ju
un
n.
.
2
20
00
08
8
KymaSTAR Plus - User’s Guide
1
Table of Contents
Conteúdo
Hardware Spe ifi ations ...................................................................................................................... 4
Spe ifi ations Table ............................................................................................................................. 4
Configuration Management ................................................................................................................ 6
System Ba kup ................................................................................................................................ 6
Exporting Configuration .................................................................................................................. 7
Importing Configuration .................................................................................................................. 8
Configuration Reset ......................................................................................................................... 8
FTP (File Transfer Proto ol) Server .................................................................................................. 9
MAC Level A ess (Telnet and Winbox) ........................................................................................ 10
Monitoring A tive Session List ...................................................................................................... 11
Serial Console and Terminal .............................................................................................................. 12
Serial Console Configuration ......................................................................................................... 13
Using Serial Terminal ..................................................................................................................... 14
SSH (Se ure Shell) Server and Client ................................................................................................. 16
Telnet Server and Client .................................................................................................................... 18
IP Addresses and ARP ........................................................................................................................ 19
Proxy-ARP feature ............................................................................................................................. 21
Ethernet Interfa es ........................................................................................................................... 24
Ethernet Interfa e Configuration .................................................................................................. 24
Monitoring the Interfa e Status .................................................................................................... 25
PPP and Asyn hronous Interfa es ..................................................................................................... 27
PPP Appli ation Example ............................................................................................................... 30
Wireless Client and Wireless A ess Point Manual........................................................................... 31
Radio Spe ifi ations ...................................................................................................................... 31
Qui k Setup Guide ......................................................................................................................... 32
Wireless Interfa e Configuration .................................................................................................. 33
Interfa e Monitor .......................................................................................................................... 40
Nstreme Settings ........................................................................................................................... 41
Nstreme2 Group Settings .............................................................................................................. 42
Registration Table ......................................................................................................................... 44
KymaSTAR Plus - User’s Guide
2
Conne t List ................................................................................................................................... 46
A ess List...................................................................................................................................... 47
Info ................................................................................................................................................ 48
Virtual A ess Point Interfa e ....................................................................................................... 49
WDS Interfa e Configuration ........................................................................................................ 51
Align Monitor ................................................................................................................................ 53
Manual Transmit Power Table ...................................................................................................... 54
Se urity Profiles ............................................................................................................................. 55
WPA ........................................................................................................................................... 55
WEP ........................................................................................................................................... 55
Sniffer ............................................................................................................................................ 59
Sniffer Pa kets ............................................................................................................................... 60
Snooper ......................................................................................................................................... 61
PPPoE ................................................................................................................................................ 61
Qui k Setup Guide ..................................................................................................................... 62
PPPoE Client Setup ........................................................................................................................ 63
PPPoE Server Tunnel Interfa es .................................................................................................... 66
PPPoE in a multipoint wireless 802.11g network ......................................................................... 67
VLAN .................................................................................................................................................. 70
VLAN Setup .................................................................................................................................... 71
VLAN example on KymaStar PLUS ................................................................................................. 72
PPP User AAA .................................................................................................................................... 73
Lo al PPP User Profiles .................................................................................................................. 73
Lo al PPP User Database ............................................................................................................... 76
Monitoring A tive PPP Users......................................................................................................... 77
PPP User Remote AAA ................................................................................................................... 77
Router User AAA ............................................................................................................................... 78
Router User Groups ....................................................................................................................... 78
Monitoring A tive Router Users .................................................................................................... 80
Router User Remote AAA .............................................................................................................. 81
SSH Keys ........................................................................................................................................ 82
Servi es, Proto ols, and Ports ........................................................................................................... 83
Modifying Servi e Settings ............................................................................................................ 83
List of Servi es ............................................................................................................................... 84
KymaSTAR Plus - User’s Guide
3
DHCP Client and Server ..................................................................................................................... 85
Qui k Setup Guide ......................................................................................................................... 85
DHCP Client Setup ......................................................................................................................... 86
DHCP Server Setup ........................................................................................................................ 88
DHCP Networks ............................................................................................................................. 91
DHCP Relay .................................................................................................................................... 95
Dynami Addressing, using DHCP-Relay ....................................................................................... 97
IP Address assignment, using FreeRADIUS Server ........................................................................ 98
IP Pools .............................................................................................................................................. 99
Bandwidth Test ............................................................................................................................... 101
Server Configuration ................................................................................................................... 102
Client Configuration .................................................................................................................... 103
ICMP Bandwidth Test ...................................................................................................................... 104
Pa ket Sniffer .................................................................................................................................. 105
Pa ket Sniffer Configuration ....................................................................................................... 105
Running Pa ket Sniffer ................................................................................................................ 107
Pa ket Sniffer Proto ols .............................................................................................................. 108
Pa ket Sniffer Host ...................................................................................................................... 109
Pa ket Sniffer Conne tions ......................................................................................................... 110
Sniff MAC Address ....................................................................................................................... 110
Ping .................................................................................................................................................. 111
'Ping', using arp requests: ........................................................................................................... 112
MAC Ping Server .......................................................................................................................... 113
Tor h (Realtime Traffi Monitor) .................................................................................................... 113
The Tor h Command ................................................................................................................... 113
Tra eroute ....................................................................................................................................... 114
The Tra eroute Command .......................................................................................................... 115
Conta t Information ........................................................................................................................ 117
KymaSTAR Plus - User’s Guide
4
Hardware Specifications
D
ESCRIPTION
Using advanced OFDM and power amp technology, the
KymaStar PLUS has high output power and amazing
throughput even at long distance transmission. It operates at
5GHz band with 80+ non-overlapping channels.
This 802.11a outdoor radio is an ideal solution for
enterprise / campus connectivity, Hotspot and next-
generation broadband wireless Access.
It’s easier and more cost effective to deploy the wireless
access environment with the
Wireless Distribution System (WDS) technology. Saving
30% ~ 50% cost for telecom operators, ISPs and
enterprises.
KymaStar PLUS has powerful security management because it supports WEP 64 / 128 /
152 bits, 802.1x Authentication (EAP), MAC access control, disable broadcast the
SSID, client isolation, WPA/WPA2-PSK and WPA/WPA2 encryption.
• Turbo, 802.11a, 802.11b and 802.11g IN ONE
• Operates in both 2.4 GHz and 5 GHz wireless bands
• Extended distances and higher speeds due to better output signal power
• FCC and CE approval
Specifications Table
KymaStar Plus AP KymaStar Plus CPE
CPU MIPS32 4Kc based 400MHz MIPS32 4Kc based 175MHz
Memory 64MB SDRAM onboard 16MB SDRAM onboard
Boot loader RouterBOOT, 1Mbit Flash chip
Data storage 128MB onboard NAND 64MB onboard NAND
Ethernet IDT Korina 10/100 MBit/s Fast Ethernet port supporting Auto-MDI/X
MiniPCI slot MiniPCI Type IIIA/IIIB slots
Serial port DB9 RS232C asynchronous serial port
LEDs Power and User LED
Speaker Mini PC-Speaker
Power options Power over Ethernet 12 or 48VDC
Power jack 6..22V (with overvoltage
protection) or 25..60V DC – jumper
selectable
Power over Ethernet 12..28V DC
(except power over datalines)
Dimensions 253 (L) x 180 (W) x 63 (H) mm – 10
x 7.1 x 2.5 in 338 (L) x 338 (W) x 56 (H) mm –
13.3 x 13.3 x 2.2 in
Weight 1,8 Kg – 4.0 lb 2,9 Kg – 6.4 lb
Temperature -20 to +65°C (-4°F to 149°F)
Humidity Operational: Up to 70% relative humidity (non-condensing)
Power consumption 2-4W, maximum 24W 3-4W, maximum 20W
KymaSTAR Plus AP
KymaSTAR Plus - User’s Guide
5
CPE (Integrated Antenna)
This outdoor enclosure with integrated directional antenna is an innovative low cost
solution for integrating electronics and an antenna into a single package eliminating the
need for bulky cables. The antenna and enclosure both meet IP67 weatherproofing
requirements. The single linear
polarization directional panel antenna
consists of a patented low cost, high
performance circuit design that can be
mounted in either a vertical or horizontal
polarization configuration. The antenna is
enclosed in a very low profile, UV
stabilized ABS plastic radome with
aluminum backplane for superior
weatherability.
The enclosure is a lightweight, powder-
coated die-cast aluminum designed to
address thermal issues inherent in outdoor
installations of sensitive electronic
equipment.
Integrated Antenna Radiation Pattern
KymaSTAR Plus CPE
KymaSTAR Plus - User’s Guide
6
Configuration Management
General Information
Summary
This manual introduces you with commands which are used to perform the following
functions:
• system backup
• system restore from a backup
• configuration export
• configuration import
• system configuration reset
Description
The configuration backup can be used for backing up KymaStar PLUS RouterOS
configuration to a binary file, which can be stored on the router or downloaded from it
using FTP. The configuration restore can be used for restoring the router's configuration
exactly as it was at the backup creation moment, from a backup file. The restoration
procedure assumes the configuration is restored on the same router, where the backup
file was originally created, so it will create partially broken configuration if the
hardware has been changed.
The configuration export can be used for dumping out complete or partial KymaStar
PLUS RouterOS configuration to the console screen or to a text (script) file, which can
be downloaded from the router using FTP. The configuration dumped is actually a batch
of commands that add (without removing the existing configuration) the selected
configuration to the router. The configuration import facility executes a batch of console
commands from a script file.
System reset command is used to erase all configuration on the router. Before doing
that, it might be useful to backup the router's configuration.
System Backup
Home menu level: /system backup
Description
The save command is used to store the entire router configuration in a backup file. The
file is shown in the /file submenu. It can be downloaded via ftp to keep it as a backup
for your
configuration.
To restore the system configuration, for example, after a /system reset-configuration, it
is possible to upload that file via ftp and load that backup file using load command in
/system backup submenu.
Command Description
load name=[filename] - Load configuration backup from a file
save name=[filename] - Save configuration backup to a file
KymaSTAR Plus - User’s Guide
7
Example
To save the router configuration to file test:
[admin@KymaStar-PLUS] system backup> save name=test
Configuration backup saved
[admin@KymaStar-PLUS] system backup>
To see the files stored on the router:
[admin@KymaStar-PLUS] > file print
# NAME TYPE SIZE CREATION-TIME
0 test.backup backup 12567 sep/08/2004 21:07:50
[admin@KymaStar-PLUS] >
Example
To load the saved backup file test:
[admin@KymaStar-PLUS] system backup> load name=test
Restore and reboot? [y/N]: y
Restoring system configuration
System configuration restored, rebooting now
Exporting Configuration
Command name: /export
Description
The export command prints a script that can be used to restore configuration. The
command can be invoked at any menu level, and it acts for that menu level and all menu
levels below it. The output can be saved into a file, available for download using FTP.
Command Description
file=[filename] - saves the export to a file
Example
[admin@KymaStar-PLUS] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 10.1.0.172/24 10.1.0.0 10.1.0.255 bridge1
1 10.5.1.1/24 10.5.1.0 10.5.1.255 ether1
[admin@KymaStar-PLUS] >
To make an export file:
[admin@KymaStar-PLUS] ip address> export file=address
[admin@KymaStar-PLUS] ip address>
To see the files stored on the router:
[admin@KymaStar-PLUS] > file print
# NAME TYPE SIZE CREATION-TIME
0 address.rsc script 315 dec/23/2003 13:21:48
[admin@KymaStar-PLUS] >
KymaSTAR Plus - User’s Guide
8
Importing Configuration
Command name: /import
Description
The root level command /import [file_name] restores the exported information from
the specified file. This is used to restore configuration or part of it after a /system reset
event or anything that causes configuration data loss.
Note that it is impossible to import the whole router configuration using this feature. It
can only be used to import a part of configuration (for example, firewall rules) in order
to spare you some typing.
Command Description
file=[filename] - loads the exported configuration from a file to router
Example
To load the saved export file use the following command:
[admin@KymaStar-PLUS] > import address.rsc
Opening script file address.rsc
Script file loaded and executed successfully
[admin@KymaStar-PLUS] >
Configuration eset
Command name: /system reset-configuration
Description
The command clears all configuration of the router and sets it to the default including
the login name and password ('admin' and no password), IP addresses and other
configuration is erased, interfaces will become disabled. After the reset command
router will reboot.
Command Description
reset - erases router's configuration
Example
[admin@KymaStar-PLUS] > system reset-configuration
Dangerous! Reset anyway? [y/N]: n
action cancelled
[admin@KymaStar-PLUS] >
KymaSTAR Plus - User’s Guide
9
FTP (File Transfer Protocol) Server
General Information
Summary
KymaStar PLUS RouterOS implements File Transfer Protocol (FTP) server feature. It is
intended to be used for software packages uploading, configuration script exporting and
importing procedures, as well as for storing HotSpot servlet pages.
Specifications
Packages required: system
License required: level1
Home menu level: /file
Standards and Technologies: FTP (RFC 959)
Hardware usage: Not significant
File Transfer Protocol Server
Home menu level: /file
Description
KymaStar PLUS RouterOS has an industry standard FTP server feature. It uses ports 20
and 21 for communication with other hosts on the network.
Uploaded files as well as exported configuration or backup files can be accessed under
/file menu. There you can delete unnecessary files from the router.
Authorization for FTP service uses router's system user account names and passwords.
The ftp local user policy controls the access rights to the FTP server.
Property Description
contents (text) – file contents (for text files only; size limit – 4kB)
creation-time (read-only: time) - item creation date and time
name (read-only: name) - item name
package-architecture (read-only: text) – RouterOS software package target machine
architecture (for package files only)
package-build-time (read-only: date) – RouterOS software package build time (for
package files only)
package-name (read-only: text) – RouterOS software package name (for package files
only)
package-version (read-only: text) – RouterOS software package version number (for
package files only)
size (read-only: integer) - package size in bytes
type (read-only: etxt) - item type. Few file types are recognized by extension: backup,
directory, package, script, ssh key, but other files are just marked by their extension
(.html file, for example)
KymaSTAR Plus - User’s Guide
10
Command Description
print - shows a list of files stored - shows contents of files less that 4kB long - offers to
edit file's contents with editor - sets the file's contents to 'content'
MAC Level Access (Telnet and Winbox)
General Information
Summary
MAC telnet is used to provide access to a router that has no IP address set. It works just
like IP telnet. MAC telnet is possible between two KymaStar PLUS RouterOS routers
only.
Specifications
Packages required: system
License required: level1
Home menu level: /tool , /tool mac-server
Standards and Technologies: MAC Telnet
Hardware usage: Not significant
MAC Telnet Server
Home menu level: /tool mac-server
Property Description
interface (name | all ; default: all) - interface name to which the mac-server clients will
connect
• all - all interfaces
Notes
There is an interface list in this submenu level. If you add some interfaces to this list,
you allow MAC telnet to that interface. Disabled (disabled=yes) item means that
interface is not allowed to accept MAC telnet sessions on that interface. all interfaces is
the default setting to allow MAC telnet on any interface.
Example
To enable MAC telnet server on ether1 interface only:
[admin@KymaStar-PLUS] tool mac-server> print
Flags: X - disabled
# INTERFACE
0 all
[admin@KymaStar-PLUS] tool mac-server> remove 0
[admin@KymaStar-PLUS] tool mac-server> add interface=ether1 disabled=no
[admin@KymaStar-PLUS] tool mac-server> print
Flags: X - disabled
# INTERFACE
KymaSTAR Plus - User’s Guide
11
0 ether1
[admin@KymaStar-PLUS] tool mac-server>
MAC WinBox Server
Home menu level: /tool mac-server mac-winbox
Property Description
interface ( name | all ; default: all ) - interface name to which it is allowed to connect
with Winbox using MAC-based protocol
• all - all interfaces
Notes
There is an interface list in this submenu level. If you add some interfaces to this list,
you allow MAC Winbox to that interface. Disabled (disabled=yes) item means that
interface is not allowed to accept MAC Winbox sessions on that interface.
Example
To enable MAC Winbox server on ether1 interface only:
[admin@KymaStar-PLUS] tool mac-server mac-winbox> print
Flags: X - disabled
# INTERFACE
0 all
[admin@KymaStar-PLUS] tool mac-server mac-winbox> remove 0
[admin@KymaStar-PLUS] tool mac-server mac-winbox> add interface=ether1
disabled=no
[admin@KymaStar-PLUS] tool mac-server mac-winbox> print
Flags: X - disabled
# INTERFACE
0 ether1
[admin@KymaStar-PLUS] tool mac-server mac-winbox>
Monitoring Active Session List
Home menu level: /tool mac-server sessions
Property Description
interface (read-only: name) - interface to which the client is connected to
src-address (read-only: MAC address) - client's MAC address
uptime (read-only: time) - how long the client is connected to the server
Example
To see active MAC Telnet sessions:
[admin@KymaStar-PLUS] tool mac-server sessions> print
# INTERFACE SRC-ADDRESS UPTIME
0 wlan1 00:0B:6B:31:08:22 00:03:01
[admin@KymaStar-PLUS] tool mac-server sessions>
MAC Scan
Command name: /tool mac-scan
Description
This command discovers all devices, which support MAC telnet protocol on the given
network.
KymaSTAR Plus - User’s Guide
12
Property Description
(name) - interface name to perform the scan on
MAC Telnet Client
Command name: /tool mac-telnet
Property Description
(MAC address) – MAC address of a compatible device
Example
[admin@KymaStar-PLUS] > /tool mac-telnet 00:02:6F:06:59:42
Login: admin
Password:
Trying 00:02:6F:06:59:42...
Connected to 00:02:6F:06:59:42
KymaStar-Plus
KymaStar-Plus RouterOS 3.0 (c) 1999-2008 http://www.wnint.com/
Terminal linux detected, using multiline input mode
[admin@KymaStar-PLUS] >
Serial Console and Terminal
General Information
Summary
The Serial Console and Terminal are tools, used to communicate with devices and other
systems that are interconnected via serial port. The serial terminal may be used to
monitor and configure many devices - including modems, network devices (including
KymaStar PLUS routers), and any device that can be connected to a serial
(asynchronous) port.
Specifications
Packages required: system
License required: level1
Home menu level: /system , /system console , /system serial-terminal
Standards and Technologies: RS-232
Hardware usage: Not significant
Description
The Serial Console feature is for configuring direct-access configuration facilities
(monitor/keyboard and serial port) that are mostly used for initial or recovery
configutation.
If you do not plan to use a serial port for accessing another device or for data connection
through a modem, you can configure it as serial console. The first serial port is
configured as a serial console, but you can choose to unconfigure it to free it for other
applications. A free serial port can also be used to access other routers’ (or other
KymaSTAR Plus - User’s Guide
13
equipment, like switches) serial consoles from a KymaStar PLUS RouterOS router. A
special null-modem cable is needed to connect two hosts (like, two PCs, or two routers;
not modems). Note that a terminal emulation orogram (e.g., Hyper Terminal on
Windows or minicom on linux) is required to access the serial console from another
computer.
Several customers have described situations where the Serial Terminal (managing side)
feature would be useful:
• on a mountaintop, where a KymaStar PLUS wireless installation sits next to
equipment (including switches and Cisco routers) that can not be managed in-band (by
telnet through an IP network)
• monitoring weather-reporting equipment through a serial port
• connection to a high-speed microwave modem that needed to be monitored and
managed by a serial connection
With the serial-terminal feature of the KymaStar PLUS, up to 132 (and, maybe, even
more) devices can be monitored and controlled
Serial Console Configuration
Description
A special null-modem cable should be used for connecting to the serial console. The
Serial Console cabling diagram for DB9 connectors is as follows:
Router Side
(DB9f)
Signal Direction Side (DB9f)
1,6 6 CD, DSR IN 4
2 RxD IN 3
3 TxD OUT 2
4 DTR OUT 1,6
5 GND - 5
7 RTS OUT 8
8 CTS IN 7
Note that the above diagram will not work if the software is configured to do hardware
flow control, but the hardware does not support it. If this is the case, either turn off the
hardware flow control or use a null-modem cable with loopback, which will simulate
the other device’s handshake signals with it’s own. The diagram for such cable is as
follows:
Router Side
(DB9f)
Signal Direction Side (DB9f)
1, 4, 6 CTD, DTR, DSR LOOP 1, 4, 6
2 RxD IN 3
3 TxD OUT 2
5 GND - 5
7, 8 RTS, CTS LOOP 7, 8
Note that although it is recommended to have 5-wire cable for this connection, in many
cases it is enough to have 3 wires (for unlooped signals only), leaving both loops to
exist only inside the connectors. Other connection schemes exist as well.
KymaSTAR Plus - User’s Guide
14
Configuring Console
Home menu level: /system console
Property Description
enabled (yes | no ; default: no) - whether serial console is enabled or not
free (read-only: text) - console is ready for use
port (name ; default: serial0) - which port should the serial terminal listen to
term (text) - terminal type
used (read-only: text) - console is in use
vcno (read-only: integer) - number of virtual console - [Alt]+[F1] represents '1',
[Alt]+[F2] - '2', etc.
wedged (read-only: text) - console is currently not available
Example
To disable all virtual consoles (available through the direct connection with keyboard
and monitor) except for the first one:
[admin@KymaStar-PLUS] system console> print
Flags: X - disabled, W - wedged, U - used, F - free
# PORT VCNO TERM
0 F serial0 MyConsole
1 W 1 linux
2 W 2 linux
3 W 3 linux
4 W 4 linux
5 W 5 linux
6 W 6 linux
7 W 7 linux
8 W 8 linux
[admin@KymaStar-PLUS] system console> disable 2,3,4,5,6,7,8
[admin@KymaStar-PLUS] system console> print
Flags: X - disabled, W - wedged, U - used, F - free
# PORT VCNO TERM
0 F serial0 MyConsole
1 X 1 linux
2 X 2 linux
3 X 3 linux
4 X 4 linux
5 X 5 linux
6 X 6 linux
7 X 7 linux
8 X 8 linux
[admin@KymaStar-PLUS] system console>
To check if the configuration of the serial port:
[admin@KymaStar-PLUS] system serial-console> /port print detail
0 name=serial0 used-by=Serial Console baud-rate=9600 data-bits=8 parity=none
stop-bits=1 flow-control=none
1 name=serial1 used-by="" baud-rate=9600 data-bits=8 parity=none stop-bits=1
flow-control=none
[admin@KymaStar-PLUS] system serial-console>
Using Serial Terminal
Command name: /system serial-terminal
KymaSTAR Plus - User’s Guide
15
Description
The command is used to communicate with devices and other systems that are
connected to router via serial port.
All keyboard input is forwarded to the serial port and all data from the port is output to
the
connected device. After exiting with [Ctrl]+[Q], the control signals of the port are
lowered. The speed and other parameters of serial port may be configured in the /port
directory of router console. No terminal translation on printed data is performed. It is
possible to get the terminal in an unusable state by outputting sequences of
inappropriate control characters or random data. Do not connect to devices at an
incorrect speed and avoid dumping binary data.
Property Description
port (name) - port name to use
Notes
The serial port to be used as a serial terminal needs to be free (e.g., there should not be
any serial consoles, LCD or other configuration). Check the previous chapter to see how
to disable serial console on a particular port. Use /port print command to see if some
other application is still using the port.
[Ctrl]+[Q] and [Ctrl]+[X] have special meaning and are used to provide a possibility of
exiting from nested serial-terminal sessions:
To send [Ctrl]+[X] to to serial port, press [Ctrl]+[X] [Ctrl]+[X]
To send [Ctrl]+[Q] to to serial port, press [Ctrl]+[X] [Ctrl]+[Q]
Example
To connect to a device connected to the serial1 port:
[admin@KymaStar-PLUS] system> serial-terminal serial1
[Type Ctrl-Q to return to console]
[Ctrl-X is the prefix key]
Console Screen
Home menu level: /system console screen
Description
This facility is created to change line number per screen if you have a monitor
connected to router.
Property Description
line-count (25 | 40 | 50) - number of lines on monitor
Notes
This parameter is applied only to a monitor, connected to the router.
Example
To set monitor's resolution from 80x25 to 80x40:
[admin@KymaStar-PLUS] system console screen> set line-count=40
[admin@KymaStar-PLUS] system console screen> print
line-count: 40
KymaSTAR Plus - User’s Guide
16
[admin@KymaStar-PLUS] system console screen>
SSH (Secure Shell) Server and Client
General Information
Summary
SSH Client authenticates server and encrypts traffic between the client and server. You
can use SSH just the same way as telnet - you run the client, tell it where you want to
connect to, give your username and password, and everything is the same after that.
After that you won't be able to tell that you're using SSH. The SSH feature can be used
with various SSH Telnet clients to securely connect to and administrate the router.
Apart from regular password-based authentication, preshared key file may be used to
authenticate a user.
The KymaStar PLUS RouterOS supports:
• SSH 1.3, 1.5, and 2.0 protocol standards
• server functions for secure administration of the router
• telnet session termination with 40 bit RSA SSH encryption is supported
• secure ftp is supported
• preshared key authentication is not supported
The KymaStar PLUS RouterOS has been tested with the following SSH telnet
terminals:
• KymaStar PLUS RouterOS embedded SSH client
• PuTTY
• Secure CRT
• OpenSSH GNU/Linux client
Specifications
Packages required: security
License required: level1
Home menu level: /system ssh
Standards and Technologies: SSH
Hardware usage: Not significant
SSH Server
Home menu level: /ip service
Description
SSH Server is already up and running after KymaStar PLUS router installation. The
default port of the service is 22. You can set a different port number or disable the
service if you need it. See the System Services manual for the detailed instructions.
KymaSTAR Plus - User’s Guide
17
SSH Client
Command name: /system ssh
Property Description
port (integer ; default: 22) - which TCP port to use for SSH connection to a remote host
user (text ; default: admin) - username for the SSH login
Example
[admin@KymaStar-PLUS] > /system ssh 192.168.0.1 user=admin
KymaStar-Plus
KymaStar-Plus RouterOS 3.0 (c) 1999-2008 http://www.wnint.com/
Terminal unknown detected, using single line input mode
[admin@KymaStar-PLUS] >
SSH Preshared Key
Home menu level: /user ssh-keys
Description
You can use DSA Keys (only DSA Keys are supported) instead of password to log into
the router. This method may be preferred for automated systems that configure router(s)
with SSH protocol using RouterOS console language. It is also useful if you just don’t
like remembering dozens of passwords and entering them to the login prompt all the
time.
Property Description
key-owner (read-only: text) - remote user, as specifie in key file
user (name) - local user to associate the key with
Command Description
import - import a DSA key file (name) - filename to import the SSH key from (name) -
local user to associate the key with
Notes
Only openssh DAS Keys are supported. If you use puttygen, convert generated keys to
right type.
Example
Generating the DAS key on a UNIX machine:
sh$ ssh-keygen -t dsa -f ./id_dsa
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./id_dsa.
Your public key has been saved in ./id_dsa.pub.
The key fingerprint is:
91:d7:08:be:b6:a1:67:5e:81:02:cb:4d:47:d6:a0:3b admin-ssh@beka
Now, after you upload the key onto the router, you can import it:
KymaSTAR Plus - User’s Guide
18
[admin@KymaStar-PLUS] user ssh-keys> import file=id_dsa.pub user=admin-ssh
[admin@KymaStar-PLUS] user ssh-keys> print
# USER KEY-OWNER
0 admin-ssh admin-ssh@beka
[admin@KymaStar-PLUS] user ssh-keys>
Telnet Server and Client
General Information
Summary
KymaStar PLUS RouterOS has a build-in Telnet server and client features. These two
are used to communicate with other systems over a network.
Specifications
Packages required: system
License required: level1
Home menu level: /system , /ip service
Standards and Technologies: Telnet (RFC 854)
Hardware usage: Not significant
Telnet Server
Home menu level: /ip service
Description
Telnet protocol is intended to provide a fairly general, bi-directional, eight-bit byte
oriented
communications facility. The main goal is to allow a standard method of interfacing
terminal devices to each other.
KymaStar PLUS RouterOS implements industry standard Telnet server. It uses port 23,
which must not be disabled on the router in order to use the feature.
You can enable/disable this service or allow the use of the service to certain IP
addresses. See the System Services manual for the detailed instructions.
Telnet Client
Command name: /system telnet
Description
KymaStar PLUS RouterOS telnet client is used to connect to other hosts in the network
via Telnet protocol.
Property Description
(IP address) – IP address of the Telnet server to connect to (port; default: 23) – TCP
port to connect to (if differs from the standard TCP port 23). May be useful to connect
to SMTP or HTTP servers for debugging purposes.
Example
An example of Telnet connection:
KymaSTAR Plus - User’s Guide
19
[admin@KymaStar-PLUS] > system telnet 172.16.0.1
Trying 172.16.0.1...
Connected to 172.16.0.1.
Escape character is '^]'.
KymaStar-PLUS v3.0
Login: admin
Password:
KymaStar-Plus
KymaStar-Plus RouterOS 3.0 (c) 1999-2008 http://www.wnint.com/
Terminal unknown detected, using single line input mode
[admin@KymaStar-PLUS] >
IP Addresses and A P
General Information
Summary
The following Manual discusses IP address management and the Address Resolution
Protocol settings. IP addresses serve as identification when communicating with other
network devices using the TCP/IP protocol. In turn, communication between devices in
one physical network proceeds with the help of Address Resolution Protocol and ARP
addresses.
Specifications
Packages required: system
License required: level1
Home menu level: /ip address, /ip arp
Standards and Technologies: IPv4, ARP
Hardware usage: Not significant
IP Addressing
Home menu level: /ip address
Description
IP addresses serve for a general host identification purposes in IP networks. Typical
(IPv4) address consists of four octets. For proper addressing the router also needs the
network mask value, id est which bits of the complete IP address refer to the address of
the host, and which - to the address of the network. The network address value is
calculated by binary AND operation from network mask and IP address values. It's also
possible to specify IP address followed by slash "/" and amount of bits that form the
network address.
In most cases, it is enough to specify the address, the netmask, and the interface
arguments. The network prefix and the broadcast address are calculated automatically.
It is possible to add multiple IP addresses to an interface or to leave the interface
without any addresses assigned to it. In case of bridging or PPPoE connection, the
physical interface may not have any address assigned, yet be perfectly usable. Putting
an IP address to a physical interface included in a bridge would mean actually putting it
on the bridge interface itself. You can use /ip address print detail to see to which
interface the address belongs to.
KymaStar PLUS RouterOS has following types of addresses:
This manual suits for next models
1
Table of contents
