Standard User TrishaH
(experienced) Mon 21-Oct-13 23:41:43
Re: 'Link Down' - what is it?
[re: David_W]
 
In reply to a post by David_W:
- but so long as unwanted traffic is not getting onto your network, you have nothing to fear.

I thought unwanted traffic was getting in! :) Thanks for the reassurance.

In reply to a post by TrishaH:
Do you know if this is what I can change to my own password?

That's the setting you're looking for.

Good- thanks

For optimum security, you should use 63 random characters, including upper case, lower case and punctuation. You will probably only ever enter it once per device, so this is hardly too onerous.


Other wireless security recommendations are to turn off WPS (one button wireless pairing), disable TKIP and set WPA2 only mode (which may be a "mixed mode" setting that you should turn off). Don't worry if you haven't got or can't find these settings - the long, random passphrase is the important part.

Well, my key was less complex than that. Must think again!

WPS is disabled, and the setting currently for Network authentication is WPA2-PSK ...is it better to change this to just plain WPA2?
TKIP is the only one I can't find ..yet.

Thanks for the help.

Standard User TrishaH
(experienced) Mon 21-Oct-13 23:50:12
Re: 'Link Down' - what is it?
[re: RobertoS]
 
Yes but it only works if you Tipex it out smoothly and print the new one on that with a black ballpoint.

But .....I'd never be able to get 63 characters written in that tiny space! :O

Seriously, yes that is the wireless key and you should be able to find that entry in the menus. You should also change the Security mode to WPA2 from WPA, WPA2-PSK is very common. If you find any of your kit cannot connect with that, (unlikely) you may have to select WPA-PSK + WPA2-PSK (mixed mode).

Right! - I see both yourself and David advising WPA2 only so I'll give it a try in the morning. If WPA2 doesn't work, is the mixed selection better than how it currently is? ..had enough of poking around in it for today :)

Standard User David_W
(fountain of knowledge) Tue 22-Oct-13 01:05:50
Re: 'Link Down' - what is it?
[re: TrishaH]
 
In reply to a post by TrishaH:
In reply to a post by David_W:
For optimum security, you should use 63 random characters, including upper case, lower case and punctuation. You will probably only ever enter it once per device, so this is hardly too onerous.


Other wireless security recommendations are to turn off WPS (one button wireless pairing), disable TKIP and set WPA2 only mode (which may be a "mixed mode" setting that you should turn off). Don't worry if you haven't got or can't find these settings - the long, random passphrase is the important part.

Well, my key was less complex than that. Must think again!

The password should also include numbers as well (my fault) - so 63 characters of random upper case, lower case, numbers and punctuation. There are web sites that will generate such a password using JavaScript, so the actual key is generated locally in your browser. You can copy and paste the output into the router's configuration interface and into a text file to squirrel away. If you can get the text file onto the client device somehow, you can copy and paste your 63 characters into the wireless configuration screen - otherwise it's a few minutes of discovering where all those weird symbols are on your phone or tablet's keyboard!

In reply to a post by TrishaH:
WPS is disabled, and the setting currently for Network authentication is WPA2-PSK ...is it better to change this to just plain WPA2?
TKIP is the only one I can't find ..yet.

The problem is that there's no standardisation for the names of the various settings in the various user interfaces.

WPA2-PSK is the one you want - WPA2 with a passphrase, sometimes called WPA2-Personal.

WPA2 will be WPA2 with RADIUS authentication, sometimes called WPA2-Enterprise. This is stronger than WPA2-Personal, but requires you to run a RADIUS server. If you have a local Linux / *BSD computer that is always on, that's a good choice - but installing and configuring FreeRADIUS is not for the faint hearted. (All the wireless here is WPA2-Enterprise, but I have some FreeBSD servers on site that I use to run FreeRADIUS).

A home RADIUS server would be an ideal job for a Raspberry Pi, if only someone would produce a nice web-driven user interface to the appropriate FreeRADIUS functionality. I'd do this myself, but there's already so much on my "to do" list.


Leave WPS disabled - you don't want that. Like many convenience features, it is a potential security hole.


What Bob and I are both driving at is that if all your devices have full support for WPA2, you can disable any fall-back support for WPA ("mixed mode", "WPA and WPA2" or similar) and its associated weak encryption (TKIP, which is the old and broken WEP encryption with dynamically changing keys to keep a little way ahead of the hackers).

Adopting the "if in doubt, check the manual" approach, you want "Network Authentication" set to "WPA2-PSK" (mixed mode is another option in that list) and "WPA/WAPI Encryption" set to "AES" for optimum security. Only use "Mixed WPA/WPA2-PSK" and/or "TKIP+AES" if you have a device that refuses to work on the optimum settings.


Don't forget to make the same changes to the 5GHz wireless as the 2.4GHz. I'd argue the best option is to operate both wireless bands using exactly the same settings, then devices can move from one radio to the other seamlessly. 5GHz is less congested and typically allows faster operation, but not every device supports 5GHz operation and the higher frequency 5GHz signal is rapidly attenuated by distance and building structure.
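The 63-character advice in the post above, done with the operating system's CSPRNG rather than a web page. This is an added example, not part of the original thread; the function names are assumptions, and the 8 to 63 printable-ASCII limit is the WPA2-PSK passphrase rule.

```python
import math
import secrets
import string

# WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
MIN_LEN, MAX_LEN = 8, 63
CLASS_NAMES = ("upper case", "lower case", "digit", "punctuation")
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 symbols; space is left out to avoid copy/paste slips


def generate_passphrase(length=MAX_LEN):
    """Return a random passphrase containing every character class at least once."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}-{MAX_LEN}")
    while True:
        # secrets draws from the OS CSPRNG; random.choice() would not be suitable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps the result uniform over all valid strings.
        if not check_passphrase(candidate):
            return candidate


def check_passphrase(passphrase):
    """Return a list of problems; an empty list means the passphrase is acceptable."""
    problems = []
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        problems.append(f"length must be {MIN_LEN}-{MAX_LEN} characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("contains a non-printable or non-ASCII character")
    for name, chars in zip(CLASS_NAMES, CLASSES):
        if not any(ch in chars for ch in passphrase):
            problems.append(f"no {name} character")
    return problems


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string. The derived WPA2 key is 256 bits,
    so anything above that adds no further strength."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"{entropy_bits(63):.0f} bits at 63 chars, {entropy_bits(8):.0f} bits at 8")
```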



Standard User TrishaH
(experienced) Tue 22-Oct-13 15:10:25
Re: 'Link Down' - what is it?
[re: TrishaH]
 
I'll give it a try in the morning ..had enough of poking around in it for today :)


Just been taking a look (woke with a migraine type thing today, so a bit slow).

This is how I've got the wireless set now - 5&2.4 GHz - underlined is actual setting used, brackets shows the options:

Wireless Security:
WPS Enable - Disable (Current: Disable)
Manual Setup AP:
Select SSID - Billion-AP-2.4g (Billion-Guest1-2.4g Billion-Guest2-2.4g Billion-Guest3-2.4g )
Network Authentication - WPA2 -PSK (Open Shared 802.1X WPA WPA-PSK WPA2 Mixed WPA2/WPA Mixed WPA2/WPA -PSK )
WPA/WAPI passphrase - Click here to display
WPA Group Rekey Interval - 3600 [0-2147483647)
WPA/WAPI Encryption - [u]AES (TKIP+AES)

I took screenshots of each 'page' on the old one, and apart from Network Authentication being WPA/WPA2-PSK on the old 'n' one, these 'DXL' settings are the same.

For the time being, I've used the same pass key. Eldest son set the wireless up on their phones and my notebook, so I'll leave it to him to sort out next time he's here.

Edited by TrishaH (Tue 22-Oct-13 15:24:57)

Standard User David_W
(fountain of knowledge) Tue 22-Oct-13 15:18:43
Re: 'Link Down' - what is it?
[re: TrishaH]
 
That looks good to me (I can see you attempted to mark "AES" in the encryption line - it's just the underline closing tag that's missing).

I hope it's working well now.

Standard User TrishaH
(experienced) Tue 22-Oct-13 15:29:32
Re: 'Link Down' - what is it?
[re: David_W]
 
Thanks David - I really appreciate the help I've had from you all.

It seems fine. I did prefer being able to see the tick for wireless enabled and a padlock for the security being set (as shown on the old one), but if it looks good to you, I'm happy.
I'll get a better pass key sorted out soon.

As for the AES underline thing - I just tried to edit it twice and it just won't change! :)

Standard User TrishaH
(experienced) Tue 22-Oct-13 15:43:26
Re: 'Link Down' - what is it?
[re: billford]
 
It may be that the easiest way to fix them is to have a good look around the menu system and see if you can reduce what's recorded in the log :P

There's usually an option to only report events above some degree of severity... sometimes it's called verbosity level.

I did look at that too, and set it at 'Notice' hoping that would be the right one - it had been on 'Informational'. Not sure if the 'Mode' setting should be 'Both' instead of just 'Local' ?
Settings used are underlined, options in brackets:

Log
Configure Log:
Parameters
Log - Enable (Disable)
Log Level - Notice (Emergency, Alert, Critical, Error, Warning, Informational, Debugging )
Display Level - Notice (Emergency, Alert, Critical, Error, Warning, Informational, Debugging)
Mode - Local (Remote, Both)

This is what the log is showing right now (nothing since I switched the computer on this morning):
Oct 22 01:23:57 syslog emerg Router started: BusyBox v1.17.2
Oct 22 01:23:57 daemon notice kernel: klogd started: BusyBox v1.17.2 (2013-07-31 17:16:52 CST)
Oct 22 03:03:00 daemon crit kernel: eth3 (switch port: 1) Link DOWN.
Oct 22 03:03:03 daemon crit kernel: eth3 (switch port: 1) Link UP 10 mbps full duplex
Oct 22 10:58:42 daemon crit kernel: eth3 (switch port: 1) Link DOWN.
Oct 22 10:58:46 daemon crit kernel: eth3 (switch port: 1) Link UP 1000 mbps full duplex

It seems the option to configure the logs only applies to the standard one, and not the security log which is still showing intrusions (attempted intrusions I assume).

Standard User billford
(elder) Tue 22-Oct-13 16:24:46
Re: 'Link Down' - what is it?
[re: TrishaH]
 
A setting of "Notice" sounds about right. It doesn't indicate where in the list it lives, I'd guess between "Warning" and "Error"?
In reply to a post by TrishaH:
Not sure if the 'Mode' setting should be 'Both' instead of just 'Local' ?
I would think that the "Mode" setting of Local means that it will only report possible problems within your own network- those eth3 messages indicate something going on with one of the Ethernet ports. (Probably nothing to worry about- it looks like a speed change, maybe a brief burst of interference from somewhere.)

If that's right, it won't report events on the link to the exchange, which is probably the more useful one! I don't think the "Local" setting would show loss of sync etc.

Try setting it to "Both" and see what it comes up with.

That's a nice set of logging options... my Asus, which is broadly the same class of router, gives me practically no useful options at all- it's about the only thing I dislike about it :(

Bill
A level playing field is level in both directions.

Standard User TrishaH
(experienced) Tue 22-Oct-13 17:00:46
Re: 'Link Down' - what is it?
[re: billford]
 
A setting of "Notice" sounds about right. It doesn't indicate where in the list it lives, I'd guess between "Warning" and "Error"?


It's between 'Warning' & 'Informational'


I would think that the "Mode" setting of Local means that it will only report possible problems within your own network- those eth3 messages indicate something going on with one of the Ethernet ports. (Probably nothing to worry about- it looks like a speed change, maybe a brief burst of interference from somewhere.)

If that's right, it won't report events on the link to the exchange, which is probably the more useful one! I don't think the "Local" setting would show loss of sync etc.

Try setting it to "Both" and see what it comes up with.


Tried that - The config screen showed two more boxes when I'd selected 'Both', and I didn't know what to put in the 'Server IP Address':
Parameters
Log - Enable ( Disable )
Log Level - Notice (Emergency, Alert, Critical, Error, Warning, Informational, Debugging,)
Display Level -Notice (Emergency, Alert, Critical, Error, Warning, Informational, Debugging,)
Mode - Both (Local, Remote)
Server IP Address - that's showing 0.0.0.0 and it asks for correct IP address
Server UDP Port - that's showing 514

That's a nice set of logging options... my Asus, which is broadly the same class of router, gives me practically no useful options at all- it's about the only thing I dislike about it :(


I think you'd like this then ..seems to have lots of 'stuff' I haven't seen before! All serves to puzzle me, but for someone who knows what they're looking at, probably very useful.
With things like this, too much information means I have to start asking questions in case I'm seeing a problem :)

Standard User billford
(elder) Tue 22-Oct-13 17:18:42
Re: 'Link Down' - what is it?
[re: TrishaH]
 
In reply to a post by TrishaH:
It's between 'Warning' & 'Informational'

OK, that should be fine. There isn't really a "correct" setting, it depends what you're doing- if you get too much in the log that's of no interest, move it up a notch :).

The config screen showed two more boxes when I'd selected 'Both', and I didn't know what to put in the 'Server IP Address':

Right, that means it doesn't do what I thought it did- "Remote" means it will send logged events to another computer on the network, mine will do that. It can be useful at times, but it's unlikely you'll need it (I'm not even sure if Windows machines can handle it) so put it back to "Local".

I think you'd like this then ..seems to have lots of 'stuff' I haven't seen before!

Maybe... there's a couple of setup pages on mine that I leave severely alone :)

Bill
A level playing field is level in both directions.
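An added example, not part of the thread: the router log lines posted earlier on this page, parsed and filtered by the standard syslog severity order (Notice sits between Warning and Informational), with each Link DOWN paired to the next Link UP on the same port. The function names and the year 2013 (the log lines carry no year) are assumptions.

```python
import re
from datetime import datetime

# Standard syslog severity keywords; a lower number is more severe.
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Log lines copied from the post earlier in this thread.
SAMPLE_LOG = """\
Oct 22 01:23:57 syslog emerg Router started: BusyBox v1.17.2
Oct 22 01:23:57 daemon notice kernel: klogd started: BusyBox v1.17.2 (2013-07-31 17:16:52 CST)
Oct 22 03:03:00 daemon crit kernel: eth3 (switch port: 1) Link DOWN.
Oct 22 03:03:03 daemon crit kernel: eth3 (switch port: 1) Link UP 10 mbps full duplex
Oct 22 10:58:42 daemon crit kernel: eth3 (switch port: 1) Link DOWN.
Oct 22 10:58:46 daemon crit kernel: eth3 (switch port: 1) Link UP 1000 mbps full duplex
"""

LINE_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\w+) (\w+) (.*)$")
LINK_RE = re.compile(r"(\w+) \(switch port: (\d+)\) Link (UP|DOWN)(?: (\d+) mbps)?")

def parse(log, year=2013):
    """Return (timestamp, facility, severity, message) tuples; the year is assumed."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(3) in SEVERITY:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events

def at_or_above(events, level):
    """Keep events at least as severe as `level`, as the Log Level setting does."""
    return [e for e in events if SEVERITY[e[2]] <= SEVERITY[level]]

def link_flaps(events):
    """Return (interface, port, seconds down, new speed in mbps) for each flap."""
    down, flaps = {}, []
    for ts, _facility, _severity, msg in events:
        m = LINK_RE.search(msg)
        if not m:
            continue
        key = (m.group(1), int(m.group(2)))
        if m.group(3) == "DOWN":
            down[key] = ts
        elif key in down:
            seconds = int((ts - down.pop(key)).total_seconds())
            speed = int(m.group(4)) if m.group(4) else None
            flaps.append((key[0], key[1], seconds, speed))
    return flaps
```

Run over the sample, `link_flaps(parse(SAMPLE_LOG))` reports two short outages on eth3 port 1 that renegotiate at different speeds, and a threshold of `"warning"` would drop only the `notice` line.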
