Sector Radio Configuration

From OCARC
Revision as of 16:36, 5 July 2020 by Va7stv (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Incomplete needs LOTS of work.

Before You Start

  • It can be a good idea to build out your configuration in a text editor before you actually start to configure the radio. Once you are confident that it is correct you can start pasting it into the terminal one section at a time.

Gather the information you will need:

  • Site VLAN ID
  • IP Address for this Sector
  • Site Subnet
  • Site Default Gateway
  • Radio Name
  • Radio Azimuth (0,120,240)
  • Radio Frequency
  • Radio Channel Width (Usually 10mhz)

Configuration Steps

When programming this radio for the first time it is generally easier to use the Mac Address of the device to connect to it from winbox, This will ensure that if you remove the current IP address you remain connected to the radio. You can do this by either typing the mac address into the address field or selecting a detected radio by clicking on the mac address column.


  1. Upgrade your modem to the latest version of RouterOS
    • If you have connected the modem to your LAN in a way that provides Internet access, the following two command can be used:
    /system package update install
    Once the system is don upgrading and rebooting run
    /system routerboard upgrade
  2. Reset the modem/radio to a blank configuration
    /system reset-configuration no-defaults=yes
  3. Give the modem/radio a name, for standard sectors this takes the form of RADIOaz.site for example RADIO120.LMK
    /system identity set name=RADIO120.SITE
  4. Set a password for the admin user
    /user set admin password=
    /console clear-history
    This is an example password generated in your browser.
  5. To support shared administration, add the following HamWAN Network Administration accounts into the "full" group. Usernames are case sensitive.
    /user add group=full name=manage password=
    /console clear-history
    This is an example password generated in your browser.
  6. Enable Ethernet boot in case you ever need to reinstall the router with NetInstall (this could save you a trip up to your roof, its a good idea)
    /system routerboard settings set boot-device=try-ethernet-once-then-nand
    Caution this no longer seems to persist past the next reboot.
  7. Configure Remote Central Logging
    /system logging action set 3 bsd-syslog=no name=remote remote=44.135.216.4 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
    /system logging add action=remote disabled=no prefix="" topics=info
    /system logging add action=remote disabled=no prefix="" topics=warning
    /system logging add action=remote disabled=no prefix="" topics=error
  8. Configure Central Authentication
    /radius add address=44.135.217.99 secret=AmprNET service=login
    /user aaa set use-radius=yes
  9. Configure SNMP Monitoring
    /snmp set enabled=yes contact="#HamWAN on irc.freenode.org"
    /snmp community set name=hamwan addresses=44.135.216.0/23 read-access=yes write-access=no numbers=0
  10. Setup NTP
    /system clock set time-zone-name=America/Vancouver
    /ip cloud set update-time=no
    /system ntp client set enabled=yes primary-ntp=208.73.56.29 secondary-ntp=45.76.244.193
  11. Clear the firewall rules and add ours
    /ip firewall filter remove [find dynamic=no]
    /ip firewall filter add action=accept chain=input connection-state=established
    /ip firewall filter add action=reject chain=input dst-address=44.135.216.0/23 protocol=!icmp reject-with=icmp-network-unreachable src-address=!44.0.0.0/8
    /ip firewall filter add action=reject chain=input dst-address=44.135.160.0/21 protocol=!icmp reject-with=icmp-network-unreachable src-address=!44.0.0.0/8
  1. Configure Networking
    1. Interfaces
      • Create a bridge
      /interface bridge add name=BR-HW-OSPF
      • Create the vlan back to the router (VLAN ID is site dependant)
      /interface vlan add interface ether1 name=ETH1-OSPF vlan-id=614
      • Configure bridge ports
      /interface bridge port add bridge=BR-HW-OSPF interface=wlan1
      /interface bridge port add bridge=BR-HW-OSPF interface=ETH1-OSPF
    2. Wireless
      • Configure Interface (Frequency will depend on sector, as will radio-name)
      /interface wireless set [ find default-name=wlan1 ] band=5ghz-onlyn channel-width=10mhz country=no_country_set disabled=no frequency=5920 frequency-mode=superchannel mode=ap-bridge nv2-cell-radius=100 radio-name=VA7DIG/KUI0 rx-chains=0,1 ssid=HamWAN tdma-period-size=4 tx-chains=0,1 wireless-protocol=nv2
      • Add our channels
      /interface wireless channels add band=5ghz-onlyn comment="Cell sites radiate this at 0 degrees (north)" frequency=5920 list=HamWAN name=Sector1-5 width=5
      /interface wireless channels add band=5ghz-onlyn comment="Cell sites radiate this at 120 degrees (south-east)" frequency=5900 list=HamWAN name=Sector2-5 width=5
      /interface wireless channels add band=5ghz-onlyn comment="Cell sites radiate this at 240 degrees (south-west)" frequency=5880 list=HamWAN name=Sector3-5 width=5
      /interface wireless channels add band=5ghz-onlyn comment="Cell sites radiate this at 0 degrees (north)" frequency=5920 list=HamWAN name=Sector1-10 width=10
      /interface wireless channels add band=5ghz-onlyn comment="Cell sites radiate this at 120 degrees (south-east)" frequency=5900 list=HamWAN name=Sector2-10 width=10
      /interface wireless channels add band=5ghz-onlyn comment="Cell sites radiate this at 240 degrees (south-west)" frequency=5880 list=HamWAN name=Sector3-10 width=10
    3. IP
      • Configure the modem/radios ip address in the local subnet
      /ip address add address={RADIO IP}/26 comment="Local Subnet" interface=BR-HW-OSPF network={RADIO NETWORK}
      /ip route add distance=1 gateway={SITE GATEWAY}
      • Configure DNS servers
      /ip dns servers=44.135.216.2,44.135.216.3
      • Disable unused services
      /ip service set telnet disabled=yes
      /ip service set ftp disabled=yes
      /ip service set www disabled=yes
      /ip service set api disabled=yes
      /ip service set api-ssl disabled=yes
      • Allow unencrypted SSH
      /ip ssh set allow-none-crypto=yes forwarding-enabled=remote