Monday, January 09, 2012

Planet WNAP-7300 (Zcomax ZCN-1523H-5) with OpenWrt r29664

It turned out to be just as I suspected: the Planet WNAP-7300 (at least with firmware "2.0.3(PL)4") is exactly the same device as the Zcomax ZCN-1523H-5. It has an Atheros AR7240 rev. 2 at 350MHz, an Atheros AR9280 rev 2 5GHz radio, 32MB RAM, 8MB flash and two 10/100 Ethernet ports, so it works with the Zcomax OpenWrt firmware. Bridge performance seems acceptable: around 70Mbit/s real world in bridged mode and 60Mbit/s if OpenWrt is doing NAT. At around 25 meters, nearly line-of-sight, performance is ~40Mbit/s. All tests were uni-directional TCP (FTP/HTTP) with no other traffic than ICMP echo going on at the same time.



In this case we wanted to create a connection between two sites called Washington and Pjongjang. Washington has a 100Mbit/s Internet connection and Pjongjang has only power, often not even that.

Design:

  • Bridge Internet from Washington eth1 to Pjongjang eth1 (AP LAN port #2, wan in OpenWrt config)

  • Bridge Intranet from Washington eth0 to Pjongjang eth0 (AP LAN port #1, lan in OpenWrt config)

  • DHCP client running on eth0 for Internet access

    • With dynamic DNS registration for remote access to OpenWrt (ssh only, no web interface)

  • DHCP server on eth1 and wireless for Intranet clients (Washington only)

  • Wireless SSID 'AoE-Inter-bridge' with WPA2-PSK in WDS mode for Internet bridge

  • Wireless SSID 'AoE-Intra-bridge' with WPA2-PSK in WDS mode for Intranet bridge

  • Wireless SSID 'AoE-Wireless-Domination' with WPA2-PSK bridged to Intranet

    • As the WNAP-7300 / ZCN-1523H-5 is a 5GHz-only access point, not all clients can use this SSID!

  • Internet access from Intranet and AoE-Wireless-Domination will go out with Washington eth1 IP

    • Internet interface on Pjongjang is only used for remote management

OpenWrt install:

  • Log in to the Planet default web interface at http://192.168.1.1/ (login: admin, password: admin)

  • There's no DHCP server running on the stock firmware, so set your PC address to, for example, 192.168.1.3/24

  • Select Management > Firmware Upload

  • Upload openwrt-ar71xx-generic-zcn-1523h-5-16-squashfs-factory.img

  • Wait a few minutes

  • The device comes up with eth1 configured as DHCP client and eth0 with DHCP server.

  • The rest is just like with any other OpenWrt access point

Configuration:

  • Telnet to 192.168.1.1

  • Set root password with 'passwd'

  • Disconnect and log in to 192.168.1.1 with SSH

  • Install and start the LuCI web interface, which we use for most of the configuration

    • opkg update

    • opkg install luci

    • /etc/init.d/uhttpd enable

    • /etc/init.d/uhttpd start

  • Close SSH


  • Open http://192.168.1.1 and log in as root with the password you just configured

  • System > System > System Properties

    • Set hostname and timezone


  • System > Software

  • Install luci-app-ddns


  • Services > Dynamic DNS (click some other tab first if the new Services tab is not yet visible)

  • These settings work with the Finnish "dy.fi" service

    • Tick the Enable checkbox

    • Service: Custom

    • Update url:  http://[USERNAME]:[PASSWORD]@www.dy.fi/nic/update?hostname=[DOMAIN]

    • Hostname: Hostname you created via www.dy.fi management page

    • Username: Email you used to register with dy.fi

    • Password: Well doh!

    • Change Force update to 120 hours

    • The rest of the settings can be left as-is


  • Network > Wifi

  • Click 'Add' button on right side

    • Device Configuration > General Setup

    • Channel: 44 (5.220 GHz)

    • Transmit Power: 17 dBm (50 mW)

    • Device Configuration > Advanced Settings

    • Mode: 802.11a+n

    • HT Mode: 40MHz 2nd channel above

    • Country Code: FI - Finland

    • Distance Optimization: 100

    • Interface Configuration > General Setup

    • ESSID: AoE-Inter-bridge

    • Mode: Access Point (WDS) [WASHINGTON ONLY]

    • Mode: Client (WDS) [PJONGJANG ONLY]

    • Network: wan

    • Interface Configuration > Wireless Security

    • Encryption: WPA2-PSK

    • Cipher: Force CCMP (AES)

    • Key: Generate a long key, for example using GRC if you trust it.


  • Network > Wifi

  • Click 'Add' button on right side

    • Interface Configuration > General Setup

    • ESSID: AoE-Intra-bridge

    • Mode: Access Point (WDS) [WASHINGTON ONLY]

    • Mode: Client (WDS) [PJONGJANG ONLY]

    • Network: lan

    • Interface Configuration > Wireless Security

    • Encryption: WPA2-PSK

    • Cipher: Force CCMP (AES)

    • Key: Generate a long key.


  • Network > Wifi

  • Click 'Add' button on right side

    • Interface Configuration > General Setup

    • ESSID: AoE-Wireless-Domination

    • Mode: Access Point

    • Network: lan

    • Interface Configuration > Wireless Security

    • Encryption: WPA2-PSK

    • Cipher: Auto

    • Key: Long enough to be safe, but short enough to type on various client devices

    • Network > Wifi

    • Click Remove next to default SSID: OpenWrt


  • Network > Firewall > Traffic Rules

    • Create new rule named "SSH IN", Protocol TCP, External port 22.

    • Additionally, restrict access from WAN to specific IPs only


  • Interfaces > Click Edit on LAN interface [PJONGJANG ONLY]

    • Common Configuration > General Setup

    • IPv4 address: 192.168.1.2

    • DHCP Server > General Setup

    • Tick the "Ignore interface" checkbox


  • Click Unsaved Changes in the upper right corner and select Save & Apply

    • Reconnect to the web interface using the new 192.168.1.2 IP [PJONGJANG ONLY]


  • Network > Wifi

    • Click Enable next to one of the new interfaces you created; the wireless interface is still in a disabled state
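
The three wireless interfaces from the steps above, expressed as input for `uci batch` instead of LuCI clicks (an added example, not from the original post). It assumes the radio section is named radio0; the section names inter, intra and clients and the PSK_* variables are made up here, and it neither removes the default OpenWrt SSID nor enables the radio.

```shell
#!/bin/sh
# Added example: print `uci batch` input for the three SSIDs configured above.
# Assumptions: radio section is radio0; section names and PSK_* vars are made up.
# On the router: PSK_INTER=... PSK_INTRA=... PSK_CLIENT=... \
#                sh wifi-batch.sh washington | uci batch

# iface NAME SSID NETWORK MODE WDS ENCRYPTION KEY
iface() {
    cat <<EOF
set wireless.$1=wifi-iface
set wireless.$1.device='radio0'
set wireless.$1.ssid='$2'
set wireless.$1.network='$3'
set wireless.$1.mode='$4'
set wireless.$1.wds='$5'
set wireless.$1.encryption='$6'
set wireless.$1.key='$7'
EOF
}

gen_wifi_batch() {
    case "$1" in
        washington) bridge_mode=ap ;;    # Access Point (WDS)
        pjongjang)  bridge_mode=sta ;;   # Client (WDS)
        *) echo "usage: washington|pjongjang" >&2; return 2 ;;
    esac
    # WPA2 passphrases are 8-63 characters; a quote would break the batch line.
    for k in "$PSK_INTER" "$PSK_INTRA" "$PSK_CLIENT"; do
        case "$k" in *"'"*) echo "PSK must not contain '" >&2; return 1 ;; esac
        if [ "${#k}" -lt 8 ] || [ "${#k}" -gt 63 ]; then
            echo "PSK must be 8-63 characters" >&2; return 1
        fi
    done
    cat <<EOF
set wireless.radio0.channel='44'
set wireless.radio0.txpower='17'
set wireless.radio0.hwmode='11na'
set wireless.radio0.htmode='HT40+'
set wireless.radio0.country='FI'
set wireless.radio0.distance='100'
EOF
    # Bridge links: WDS on, CCMP forced. Client SSID: plain AP, cipher auto.
    iface inter   AoE-Inter-bridge        wan "$bridge_mode" 1 psk2+ccmp "$PSK_INTER"
    iface intra   AoE-Intra-bridge        lan "$bridge_mode" 1 psk2+ccmp "$PSK_INTRA"
    iface clients AoE-Wireless-Domination lan ap             0 psk2      "$PSK_CLIENT"
    echo "commit wireless"
}
if [ "$#" -gt 0 ]; then gen_wifi_batch "$@"; fi
```

Review the printed lines before piping them to `uci batch`; the only difference between the two sites is the mode of the two bridge interfaces.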

The factory LEDs (green, amber, red) indicating wireless link quality are not used. One could write a shell script, for example, to monitor link quality, but that would deserve its own post and some hacking on shell.
