Operating System For Ubiquiti Airmax Ac Series Products Release Version: 8

Operating System for Ubiquiti®
airMAX® ac Series Products

Release Version: 8
airOS v8 User Guide Table of Contents
Table of Contents
Chapter 1: Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Supported Products. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
airOS 8 Network Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
airOS 8 Wireless Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Getting Started. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
airMAX ac Series Product Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Navigation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
airOS Notifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Chapter 2: Main. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Wireless. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Chapter 3: Wireless. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Basic Wireless Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Wireless Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Signal LED Thresholds. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Advanced. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Chapter 4: Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Network Role. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Configuration Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Management Network Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
WAN Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
LAN Network Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
IP Aliases. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
VLAN Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Bridge Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Static Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Port Forwarding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Multicast Routing Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Traffic Shaping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Ubiquiti Networks, Inc. i

Table of Contents airOS v8 User Guide
Chapter 5: Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Ping Watchdog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
SNMP Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Telnet Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
NTP Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
System Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Device Discovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Chapter 6: System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Firmware Update. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Date Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
System Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Device Maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Chapter 7: airMagic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
airMagic Display. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Using airMagic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Chapter 8: Tools and Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

airView. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Alignment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Site Survey. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Ping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Speed Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Appendix A: Contact Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Ubiquiti Networks Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
ii Ubiquiti Networks, Inc.

airOS v8 User Guide Chapter 1: Overview
Chapter 1: Overview • Comprehensive Array of Diagnostic Tools, including RF

Diagnostics and airView® Spectrum Analyzer
This User Guide describes the airOS operating system
Introduction version 8, which works with all airMAX ac Series products
Welcome to airOS® 8 – the latest evolution of the airOS provided by Ubiquiti Networks.
Configuration Interface by Ubiquiti Networks. Sporting
an all-new design for improved usability, airOS is the Note: airOS 8 is compatible with airMAX M stations
revolutionary operating system for Ubiquiti® airMAX® ac running airOS 6.
products, offering the following powerful wireless features:
• Access Point PtMP airMAX Mixed Mode Supported Products
• airMAX ac Protocol Support airOS 8 supports the following airMAX ac Series products:
• Long-Range Point-to-Point (PtP) Link Mode • Rocket® ac
• Selectable Channel Width: 10/20/30/40/50/60/80 MHz • NanoBeam® ac
(channel selection varies by product model) • PowerBeam™ ac
• Automatic Channel Selection • LiteBeam® ac
• Transmit Power Control: Automatic/Manual airOS 8 is compatible with airMAX M stations running
• Automatic Distance Selection (ACK Timing) airOS 6.
• Strongest WPA2 security For more information, visit www.ubnt.com
Usability enhancements include: airOS 8 Network Modes
• airMagic™ Channel Selection Tool airOS 8 supports the following network modes:
• Redesigned User Interface • Transparent Layer 2 Bridge
• Dynamic Configuration Changes • Router
• Instant Input Validation
• HTML5 Technology
• Optimization for Mobile Devices
• Detailed Device Statistics
Ubiquiti Networks, Inc. 1

Chapter 1: Overview airOS v8 User Guide
airOS 8 Wireless Modes 4. Upon subsequent login, the standard login screen
appears. Enter ubnt in the Username and Password
airOS 8 supports the following wireless modes: fields, and click Login.
• Access Point PTP
• Access Point Point-to-MultiPoint (PtMP) airMAX ac
• Access Point PtMP airMAX Mixed
• Station PtP
• Station PtMP
System Requirements
• Microsoft Windows 7, Windows 8, Windows 10; Linux; or
Mac OS X
• Web Browser: Mozilla Firefox, Apple Safari, Google
Chrome, Microsoft Internet Explorer 11 (or above), or
Microsoft Edge
Note: To enhance security, we recommend that you
Getting Started change the default login on the System page. For
To access the airOS Configuration Interface, perform the details, go to “System Accounts” on page 39.
following steps:
1. Configure the Ethernet adapter on your computer airMAX ac Series Product
with a static IP address on the 192.168.1.x subnet (for Verification
example, IP address: 192.168.1.100 and subnet mask:
255.255.255.0). The airOS Configuration Interface will display the
following logo at the lower edge of the screen if the
2. Launch your web browser. Enter https://192.168.1.20 product is genuine.
in the address field. Press Enter (PC) or Return (Mac).
If the authenticity of the Ubiquiti product cannot be

Note: airOS 8 does not support legacy products
verified, airOS will display the error message below.
such as AirRouter.
Please contact Ubiquiti at support@ubnt.com regarding
3. Upon initial login, the Terms of Use appear on the login this product.
screen. Enter ubnt in the Username and Password fields,
and select the appropriate choices from the Country
and Language drop-down lists. Check the box next to
I agree to these terms of use, and click Login.
2 Ubiquiti Networks, Inc.

airOS v8 User Guide Chapter 1: Overview
Navigation At the lower left and upper right of the window are icons
used to access additional tools and information:
The airOS Configuration Interface contains three main
pages. Each web-based management page is used to
configure a specific aspect of the Ubiquiti device, and is Icon Web-Based Management Page
accessed by clicking its icon in the navigation bar on the Displays the system log. For details, refer to
left side of the interface: “Log” on page 48.
Displays a list of network administration and
Icon Web-Based Management Page
monitoring tools. For details, refer to “Tools
Displays the Main page containing the and Information” on page 43.
dashboard, with device and link status,
Click this icon to immediately log out of
statistics, and network monitoring and RF
airOS 8.
performance data. For detailed information,
refer to “Main” on page 5.
Help Information
Displays the Settings page which contains the
following tabs: Help information, indicated by [?], is available for selected
settings throughout the Configuration Interface. To
• Wireless Configures wireless settings, display the help information, click [?].
including the wireless mode, Service Set
Identifier (SSID), channel and frequency,
output power, and wireless security. For
detailed information, refer to “Wireless” on
page 13. airOS Notifications
• Network Configures the network operating
mode; Internet Protocol (IP) settings; IP
Pending Changes
aliases; VLANs; packet filtering, bridging, When you make changes to any settings on any page, the
and routing routines; and traffic shaping. For following buttons appear at the bottom of the page
detailed information, refer to “Network” on
page 19.
• Services Configures system management
services: Ping Watchdog, Simple Network
Management Protocol (SNMP), servers
(web, SSH, Telnet), Network Time Protocol Use the buttons to perform operations on all unsaved
(NTP) client, Dynamic Domain Name System changes. You have three options:
(DDNS) client, system log, and device Test Changes Click Test Changes to try changes without
discovery. For detailed information, refer to saving them. You have two options:
“Services” on page 33. • Apply Click Apply to save changes.
• System Controls system maintenance • Discard Click Discard to cancel changes.
routines, including firmware update,
Note: If you do not click Apply within 180 seconds
date settings, administrator account
(the countdown is displayed), the device times out
management, location management,
and resumes its earlier configuration.
device maintenance, and configuration
backup. You can also change the language Revert Changes Click Revert Changes to cancel all
of the web management interface. For changes on all pages.
detailed information, refer to “System” on Save Changes Click Save Changes to immediately apply
page 37. and save changes.
Displays the airMagic tool, which is used to
identify the three most spectrally efficient
channels in your system. For detailed
information, see “airMagic” on page 41.

Chapter 1: Overview airOS v8 User Guide

airOS v8 User Guide Chapter 2: Main
Chapter 2: Main Memory Displays the percentage of memory currently

being used.
The Main page displays the Dashboard, which provides Network Mode Displays the network operating mode:
a summary of the link status information, current values Bridge or Router. The default setting is Bridge. Configure
of the basic configuration settings (depending on the the Network Mode on the Network tab.
operating mode), network settings and information, and Version Displays the airOS firmware version.
traffic statistics.
CPU Displays the percentage of CPU capacity currently
Device being used.
The Device section displays basic identifying and status Date Displays the current system date and time (the
information on the device. format is browser and location-dependent). The system
date and time is retrieved from the Internet using NTP
(Network Time Protocol). The NTP Client is disabled by
default on the Services page. The device doesn’t have an
internal clock, and the date and time may be inaccurate if
the NTP Client is disabled or the device isn’t connected to
Device Model Displays the model name of the device. the Internet.
Device Name Displays the customizable name or Uptime This is the total time the device has been running
identifier of the device. The Device Name (also known since the latest reboot (when the device was powered up)
as host name) is displayed in registration screens and or software upgrade. The time is displayed in days, hours,
discovery tools. minutes, and seconds.

Chapter 2: Main airOS v8 User Guide
Airtime Displays the average wireless bandwidth RX Bytes Displays the total amount of data (in bytes)
usage (calculated using the sum of all successful and received by the interface.
failed transmissions) as a percentage of the maximum RX Errors Displays the number of receive errors.
theoretical bandwidth utilization.
TX Bytes Displays the total amount of data (in bytes)
LAN Speed Displays the Ethernet port mode (speed, transmitted by the interface.
duplex mode), such as 1000Mbps-Full or 100Mbps-Full.
TX Errors Displays the number of transmit errors.
Cable SNR (Available on non-Rocket Prism devices only.)
Displays the cable Signal-to-Noise Ratio (SNR) in dBm. A Manage airGateway (Available only from a station
value of 0 indicates that the cable is not connected or the connected to an airMAX airGateway.) Click Manage
Ethernet port is down. airGateway to remotely provision the airGateway.
Cable Length (Available on non-Rocket Prism devices Close To close the window, click Close.
only.) Displays the length of the cable attached to the PPPoE Information
device.
(Available if PPPoE is enabled in Router mode.) Click PPPoE
Location (Available on Rocket Prism devices only.) to display information on the PPPoE connection if PPPoE
Displays the device’s location as degrees latitude/ has been configured on the Network page (for detailed
longitude and altitude. information, see “PPPoE” on page 23).
GPS Signal (Available on Rocket Prism devices only.)
Displays the strength of the GPS signal.
More Details Click More Details to display the following
additional information:
• “Interfaces” on page 6
• “PPPoE Information” on page 6
• “ARP Table” on page 7
• “Bridge Table” on page 7
• “Routes” on page 7
• “Firewall” on page 8
• “Port Forward” on page 8
• “DHCP Leases” on page 8 Username Displays the username used to connect to the
Interfaces PPPoE server.
Click Interfaces to display the name, MAC address, MTU, IP Local IP Address Displays the IP address of the local
address, and traffic information for the device’s interfaces. PPPoE tunnel endpoint.
Remote IP Address Displays the IP address of the remote
PPPoE tunnel endpoint.
Primary DNS IP Displays the IP address of the primary
DNS server.
Secondary DNS IP Displays the IP address of the
secondary DNS server.
Connection Time Displays the total elapsed time of the
PPPoE connection.
Bytes Transmitted Displays the total number of bytes
transmitted over the PPPoE connection.
Bytes Received Displays the total number of bytes
received over the PPPoE connection.
TX/RX Packets Displays the total number of packets
Interface Displays the name of the interface. transmitted and received.
MAC Address Displays the MAC address of the interface. TX/RX Compression Ratio Displays the compression
MTU Displays the Maximum Transmission Unit (MTU), ratio of transmitted and received data.
which is the maximum frame size (in bytes) that a network Refresh To update the information, click Refresh.
interface can transmit or receive. The default is 1500.
Restart Service To restart PPPoE service, click Restart
IP Address Displays the IP address of the interface. Service.
Close To close the window, click Close.
ARP Table Interface Displays the network interface (bridge

port) on which the MAC address is located. airOS can
Click ARP Table to list all entries in the Address Resolution
forward packets only to the specified port of the device,
Protocol (ARP) table currently recorded on the device.
eliminating redundant copies and transmits.
ARP is used to associate each IP address to the unique
Aging Timer Displays aging time for each address entry
hardware MAC address of each device on the network. It
(in seconds). After a specific timeout, if the device has not
is important to have unique IP addresses for each MAC
seen a packet coming from a listed address, it will delete
address or else there will be ambiguous routes on the
that address from the Bridge Table.
network.
Refresh To update the information, click Refresh.
Routes
Click Routes to list all the entries in the system routing table.
IP Address Displays the IP address assigned to a network

device.
MAC Address Displays the MAC address of the device.
Interface Displays the interface that connects to the
device.
airOS examines the destination IP address of each data
packet traveling through the system and chooses the
Close To close the window, click Close. appropriate interface to forward the packet to. The system
Bridge Table choice depends on static routing rules, the entries that
are registered in the system routing table. Static routes to
(Available in Bridge mode only.) Click Bridge Table to
specific hosts, networks, or the default gateway are set up
display the entries in the system Bridge Table.
automatically according to the IP configuration of all the
Note: A bridge is a logical device used to connect airOS Configuration Interfaces.
different physical or virtual network interfaces
Note: Static routes also can be added manually.
(bridge ports): Wireless, Ethernet, VLAN.
For more information, refer to “Static Routes” on
A bridge table shows a list of all learned MAC
page 29.
addresses for a bridge.
Destination Displays the IP address of the destination
network or destination host.
Gateway Displays the IP address of the appropriate
gateway.
Netmask Displays the netmask for the destination
network: 255.255.255.255 for a host destination, and 0.0.0.0
for the default route.
Note: The default route is the route used when no
other routes for the destination are found in the
routing table.
Interface Displays the interface to which packets for a
particular route will be sent.
Bridge The name of the bridge.
MAC Address Displays the learned MAC address of a
network device on a specific bridge port.

Firewall Port forwarding allows you to connect to a specific service

such as an FTP server or web server. Port forwarding
(Available if Firewall is enabled on the Network page.) Click
creates a transparent tunnel through a firewall/NAT,
Firewall to list all the entries in the firewall table.
granting access from the WAN side to the specific network
service running on the LAN side.
Chain PortForward Displays active port forward entries
in the PREROUTING chain of the standard iptables nat
table, while the device is operating in Router mode
(DNAT).
Configure port forwarding rules on the Network page. See
“Port Forwarding” on page 29 for additional details.
DHCP Leases
(Available if DHCP is enabled on the Network page.)
Click DHCP Leases to display the current status of the IP
By default, there are no firewall rules.
addresses assigned by the device’s DHCP server to its local
If the device is operating in Bridge mode, the table lists clients.
active firewall entries in the FIREWALL chain of the
standard ebtables filter table.
If the device is operating in Router mode, the table
lists active firewall entries in the FIREWALL chain of the
standard iptables filter table.
IP and MAC level access control and packet filtering in
airOS are implemented using an ebtables (bridging) or
iptables (routing) firewall that protects the resources of
a private network from outside threats by preventing
unauthorized access and filtering specified types of
network communication.
Configure firewall rules on the Network page. See
“Firewall” on page 28 (Bridge mode) or “Firewall” on
page 28 (Router mode) for additional details.
Search Enter the keyword to search for the desired
Port Forward MAC Address, IP Address, Remaining Lease time, or
(Available if Port Forwarding is enabled in Router mode.) Hostname. To filter the list of entries, enter a string in the
Click Port Forward to list all port forwarding rules. Search box and press Enter (PC) or return (Mac). Only
entries with matching text will be displayed.
MAC Address Displays the client’s MAC address.
IP Address Displays the client’s IP address.
Remaining Lease Displays the remaining time of the
leased IP address assigned by the DHCP server.
Hostname Displays the device name of the client.
Configure DHCP on the Network page. See “DHCP” on
page 22 for additional details.

Wireless of these modes at a time. For example, if the device is

running in an Access Point mode, it cannot simultaneously
The Wireless section of the dashboard displays the run in a Station mode.
following information for all local and remote devices:
SSID Displays the wireless network name (SSID), which
• Link information and statistics depends upon the wireless mode selected:
• Average/isolated capacity and throughput data • In Station modes, this displays the SSID of the AP the
• Constellation diagrams, Carrier to Interference-plus- device is associated with.
Noise Ratio (CINR) histograms, and signal, noise, and • In Access Point modes, this displays the SSID configured
interference time series plots on the device using the Wireless tab.
Configure the SSID on the Wireless page. See “SSID” on
page 14 for additional details.
WLAN0 MAC Displays the MAC address of the device as
seen on the wireless network.
Security Displays the wireless security method being
used on the device. If None is displayed, then wireless
security has been disabled.
Distance (Available in Access Point PTP modes only.)
Displays the current distance between devices in
kilometers and miles for Acknowledgement (ACK)
frames. Changing the distance value will change the
ACK (Acknowledgement) timeout accordingly. The ACK
timeout specifies how long the device should wait for
Link Information and Statistics an acknowledgement from a partner device confirming
frame reception before it concludes that there has been
In Access Point PTP, Station PTP, and Station PTMP modes, an error and resends the frame. You can adjust the
airOS displays statistics on the local and remote devices, as Distance value on the Wireless page (see “Distance” on
shown below. page 16).
RX Chain 0 / 1 Displays the wireless signal level (in dBm)
of each chain.
RX Signal Displays the received signal level in dBm.
Connections (Available in Access Point PTMP modes only.)
Displays the number of stations that are connected to the
In Access Point PTMP modes, airOS also displays device.
information on the connected stations. By default, this Connection Time (Available in Access Point PTP and
information is minimized as shown below; click Station Station modes only.) Displays the association time of the
List to display the information (refer to “Station List” on connected access point or station. The time is expressed in
page 10 for a detailed description of this information). days, hours, minutes, and seconds.
Frequency Displays the actual operating frequency center
and operating frequency range (in MHz) which depends on
the channel width being used. If “DFS” is displayed next to
the frequency, this indicates that the selected channel has
DFS (Dynamic Frequency Selection) capabilities.
Local Channel Width This is the spectral width of the radio
channel used by the device. airOS 8 supports 10, 20, 30,
Wireless Mode Displays the operating mode of the local 40, 50, 60, and 80 MHz; however, available channel widths
radio interface. airOS supports five operating modes (not are device-specific. Default values are as follows:
all products support all modes): Station PTP, Station PTMP,
Access Point PTP, Access Point PTMP AirMax AC, and • Access Point PTP mode: Default is 80 MHz.
Access Point PTMP AirMax Mixed. The default setting • Access Point PTMP AirMax AC mode: Default is 40 MHz.
is device‑specific. Configure the Wireless Mode on the • Access Point PTMP AirMax Mixed mode: Default is 40 MHz.
Wireless tab (see “Basic Wireless Settings” on page 13
• Station PTP mode: Default is Auto 20/40/80 MHz.
for additional details).
• Station PTMP mode: Default is Auto 20/40 MHz.
Any airMAX ac series device may operate in only one

TX Rate Displays the transmit data rate: 1x (BPSK 1x1), TX Power Displays the transmit power level in dBm.
2x (QPSK 1x1), 4x (16QAM 2x2), 6x (64QAM 2x2), and TX/RX Bytes Displays the total number of bytes
8x (256QAM 2x2). transmitted and received during the connections uptime.
RX Rate Displays the received data rate: 1x (BPSK 1x1), Reconnect (Available in Station modes.) To establish the
2x (QPSK 1x1), 4x (16QAM 2x2), 6x (64QAM 2x2), and wireless link to the AP or station again, click Reconnect.
8x (256QAM 2x2).
Station List
TX Power Displays the transmit power level in dBm.
In Access Point PTMP AirMax AC or Access Point PTMP AirMax
TX/RX Bytes Displays the number of bytes transmitted
Mixed mode, airOS displays a table with statistics for all
and received in bytes.
stations that are connected to the device (if the table is
Remote not displayed, click Station List to display it):
Wireless Mode Displays the operating mode of the
remote device: Station PTP, Station PTMP, Access Point PTP,
Access Point PTMP AirMax AC, and Access Point PTMP AirMax
Mixed. The default setting is device‑specific.
Device Model Displays the model of the AP or station. You can modify this table as follows:
Version Displays the firmware version of airOS on the AP • To filter the list of stations, enter a string in the Search
or station. box and press Enter (PC) or return (Mac). Only stations
with matching text will be displayed.
AP MAC (Available in Station modes.) This displays the
MAC address of the AP the device is associated with. • To sort the table on a particular column, click the
column heading; each click toggles the sort order.
MAC Address (Available in Access Point modes.) Displays
the MAC address of the station. • To select which columns are displayed in the table, click
Columns, select all columns to be displayed, deselect all
RX Chain 0 / 1 Displays the wireless signal level (in dBm) columns to be hidden, and then click OK.
of each chain.
The following columns are selected by default: Station
RX Signal Displays the received signal level in dBm. MAC, Device Model, Device Name, Signal RX, Signal TX,
Distance (Available in Access Point PTMP modes Distance, Isolated Capacity TX, Isolated Capacity RX,
only.) Displays the current distance between devices Airtime TX, Airtime RX, Connection Time, Last IP.
in kilometers and miles for Acknowledgement The table contains the following information (use the
(ACK) frames. With Auto Adjust enabled, the device’s table’s horizontal scroll bar to view all the fields):
auto‑acknowledgement timeout algorithm dynamically
optimizes the frame acknowledgement timeout value Station MAC Displays the MAC address of the station.
without user intervention. Device Model Displays the model name of the station.
Connection Time (Available in Access Point PTMP modes Firmware Displays the current firmware version number.
only.) Displays the association time of the connected Device Name Displays the station’s host name. The
access point or station. The time is expressed in days, device name can be changed on the System tab.
hours, minutes, and seconds.
Signal RX Displays the receive signal level in dBm.
Airtime TX/RX Displays the transmit and receive airtime
Note: The Signal RX value is displayed in red if it is
values. The airtime is the averaged wireless bandwidth
too high (above -40 dBm).
utilization (percentage of theoretical transmission
maximum), for both failed and successful transmission Signal TX Displays the transmit signal level in dBm.
attempts.
RX Chain 0 / 1 Displays the last received wireless signal
Desired Priority (Available in Station modes only.) level per chain.
Displays the requested airMAX station priority level that
Note: The RX Chain 0 and RX Chain 1 values are
is configured on the Wireless tab of the Settings page (for
displayed in red if the difference between them
more information, refer to “airMAX Station Priority” on
exceeds the recommended maximum of 5 dBm.
page 18).
Noise The Noise value represents the AP noise level.
Priority (Available in Station modes only.) Displays the
current operating priority of the station. Latency Displays the latency value in ms.
Note: The Priority may be lower than the Distance Displays the current distance between
configured Desired Priority. The AP automatically devices in kilometers and miles for Acknowledgement
lowers the priority depending upon RF conditions (ACK) frames. With Auto Adjust enabled, the device’s
and performance. auto‑acknowledgement timeout algorithm dynamically
optimizes the frame acknowledgement timeout value
Latency Displays the latency value, in ms, for wireless
without user intervention.
frames.

TX Rate Displays the data rate of the last transmitted The isolated capacity is the expected maximum rate
packet. at which data can be transmitted over the channel
RX Rate Displays the data rate of the last received packet. (accounting for protocol overhead and interference). The
average capacity is the average TX/RX isolated capacity of
TX/RX Bytes Displays the total number of bytes the associated stations.
transmitted and received from the station during the
connection uptime. For the throughput graph, the chart scale and throughput
dimension (bps, kbps, Mbps) change dynamically
TX/RX Packets per Second (PPS) Displays the mean depending on the mean throughput value. The statistics
value of the transmitted and received packet rates. are updated automatically.
TX Power Displays the remote station transmit power
in dBm. RF Performance
Isolated Capacity TX/RX Displays the transmit and The RF Performance section displays persistent RF Error
receive capacity that the station would have if it were the Vector Magnitude (EVM) constellation diagrams, Carrier
only station on the network. to Interference-plus-Noise Ratio (CINR) histograms, and
airTime TX Displays the transmit airtime percentage Signal, Noise, and Interference time series plots:
value. The airtime is the percentage of the time the radio
resource is utilized in the specified direction (TX).
airTime RX Displays the receive airtime percentage
value. The airtime is the percentage of the time the radio
resource is utilized in the specified direction (RX).
Desired Priority Displays the requested airMAX station
priority level that is configured on the Wireless page (for The RF Performance section displays the following
details, see “airMAX Station Priority” on page 18). information for both the local and remote devices:
Priority (Available in Station PTMP mode only.) Displays Local/Remote Constellation Diagram Provides a real-
the current operating priority of the station. time visual depiction of the modulation for the local or
Note: The Priority may be lower than the remote device. The modulation, which can be 1x (BPSK),
configured Desired Priority. The AP automatically 2x (QPSK), 4x (16-QAM), 8x (64-QAM), or 16x (256-QAM),
lowers the priority depending upon RF conditions adjusts dynamically as the system adapts to changing
and performance. conditions. The plotted points’ appearance indicates the
signal quality: tightly defined points indicate higher signal
Connection Time Displays the total time elapsed for the quality, while diffuse points indicate lower signal quality.
connection.
CINR (dB) These histograms display the CINR, in dB,
Last IP Displays the station’s last IP address. for the local and remote devices. The CINR is a measure
Action Displays available options for this station. For of signal quality. It is the median value of how high the
example, click Kick to drop the connection to this station. signal is over the combined interference and noise. In
each histogram, the color shows the distribution of CINR
Isolated/Average Capacity and values; the darker the color, the greater the number of
Throughput occurrences of that value.
(Isolated Capacity available in AP PTP and Station modes. Signal, Noise and Interference Displays a time-based
Average Capacity available in AP PTMP modes only.) plot of the system signal, noise, and interference levels
in dBm for both the local and remote devices. The power
and CINR levels for the local and remote devices are also
displayed above each constellation diagram.
This section displays the isolated or average capacity, or

the throughput, for both the local and remote devices.
To display the isolated/average capacity, click Isolated
Capacity or Average Capacity. To display the throughput,
click Throughput.
The capacity and throughput plots display the current
data transmission rate, data reception rate, and latency in
graphical and numerical form.


airOS v8 User Guide Chapter 3: Wireless
Chapter 3: Wireless • Access Point PTMP AirMax AC If you have a single
device to act as an AP in a Point-to-MultiPoint (PtMP)
The Wireless tab contains everything needed to set up the link, and if your network contains only airMAX AC
wireless part of the link, including the wireless mode, SSID, devices, configure it as Access Point PTMP mode. The
channel and frequency, output power, data rates, and device functions as an AP that connects multiple client
wireless security. devices (client devices must be in Station PTMP mode).
Basic Wireless Settings

Configure the basic wireless settings.
Wireless Mode Specify the Wireless Mode of the device.
The mode depends on the product model and network
topology requirements. airOS 8 supports the following
modes:
• Access Point PTP If you have a single device to act • Access Point PTMP AirMax Mixed If you have a
as an access point (AP) in a Point-to-Point (PtP) link, single device to act as an AP in a Point-to-MultiPoint
configure it as Access Point PTP mode. The device (PtMP) link, and if your network contains both airMAX
functions as an AP that connects a single client device ac and airMAX M Series devices, configure it as Access
(the client device must be in Station PTP mode). Point PTMP mode. The device functions as an AP that
connects multiple client devices (client devices must be
in Station PTMP mode).
Note: All airMAX M Series devices must use airOS 6

or later.

Chapter 3: Wireless airOS v8 User Guide
• Station PTP If you have a client device to connect to The Site Survey tool will search all supported channels
an AP in a Point-to-Point (PtP) link, configure the client for available wireless networks in range and display a
device as Station PTP mode. The client device acts as the radio button next to each network that you can select for
subscriber station while connecting to the AP (the AP association. The tool has incremental scan functionality
must be in Access Point PTP mode). The AP’s SSID is used, for more dynamic results. If the selected network uses
and all traffic to and from the network devices connected encryption, you’ll need to configure the Wireless Security
to the Ethernet interface is forwarded to the AP. settings (refer to “Wireless Security” on page 16).
• Scanned Frequencies Click to display the list of
frequencies that are being scanned.
• Graphical View Click to display a graphical view of the
signal strength and frequency for each channel being
used by the detected network devices.
• Search Enter a keyword to search for the desired AP.
• Lock to AP Use this option if there are multiple APs
• Station PTMP If you have multiple client devices to using the same SSID. Select the desired AP and click
connect to an AP, configure the client devices as Station Lock To AP to lock the station to the AP and keep it
PTMP mode. The client devices act as the subscriber from roaming between APs with the same SSID. (The AP
stations while they are connecting to the AP (which will be uniquely identified by its MAC address.) Then,
must be in Access Point PTMP mode). The AP’s SSID is click Save Changes to connect the station to the AP.
used, and all traffic to and from the network devices • Select Select the AP and click Select to associate the
connected to the Ethernet interface is forwarded to the station with the AP using the AP’s SSID. Then, click Save
AP and other wireless stations. Changes to connect the station to the AP.
• Scan Click Scan to refresh the list of available wireless
networks.
Selected SSIDs must be visible, have compatible channel
bandwidth and security settings, and must be compatible
with airMAX AC technology. In addition:
• If Access Point PTMP mode is selected on a station
operating in Station PTP mode, the station’s mode will
SSID If the device is operating in Access Point PTP, Access automatically be changed to Station PTMP mode (the
Point PTMP AirMax AC, or Access Point PTMP AirMax Mixed following warning will be displayed: “Wireless Mode:
mode, specify the wireless network name or SSID (Service Warning: New wireless mode selected!”).
Set Identifier) used to identify your WLAN. All the client
• If Access Point PTP is selected on a station operating
devices within range will receive broadcast messages from
in Station PTMP mode, the station’s mode will
the AP advertising this SSID.
automatically be changed to Station PTP mode (the
If the device is operating in a Station mode, specify the following warning will be displayed: “Wireless Mode:
SSID of the AP that the device is associated with. Warning: New wireless mode selected!”).
Note: If there are multiple APs with the same SSID, The list of Scanned Frequencies for the Site Survey is
use the Lock to AP MAC field instead to specify the determined by the Control Frequency Scan List option, if
AP to associate with. the option is enabled.
Select (Available in Station PTP or Station PTMP mode Lock to AP MAC (Available only in Station PTP or Station
only.) To display the list of available APs, click Select. PTMP mode.) Displays the AP MAC address selected by the
Lock to AP button in the Site Survey tool.
Country Each country has their own power level and
frequency regulations. To ensure the device operates under
the necessary regulatory compliance rules, you must select
the country where your device will be used. (The country
is selected upon initial login, as described in “Getting
Started” on page 2.) The channels, frequencies,
and output power limits will be tuned according to the
regulations of the selected country.
Note: For the Country setting, U.S. product versions
are restricted to a choice of Canada, Puerto Rico,
or the U.S. to ensure compliance with FCC/IC
regulations.

Channel Width Displays the spectral width of the radio Control Frequency Scan List, MHz (Available in Station
channel. You can use this option to control the bandwidth modes only.) This restricts scanning to only the selected
consumed by your link. frequencies. The benefits are faster scanning as well as
Using higher bandwidth increases throughput. Using filtering out unwanted APs in the results. The Site Survey
lower bandwidth does the following: tool will look for APs using only the selected frequencies.
Once enabled, click Edit to open the Control Frequency List
• Reduces throughput proportional to the reduction in window.
channel size. For example, as 40 MHz increases possible
speeds by 2x, the half-spectrum channel (10 MHz)
decreases possible speeds by 2x.
• Increases the number of available, non-overlapping
channels, so networks have better scalability.
• Increases the Power Spectral Density (PSD) of the
channel, so you can increase the link distance – more
robust links over long distances.
Available channel widths depend on the selected Wireless
Mode. Here are the options for each mode:
Select the frequencies that you want to scan and click OK,
• Access Point PTP Supported wireless channel or click Cancel to close the window without any selections.
spectrum widths: 80 MHz, 60 MHz*, 50 MHz, 40 MHz,
30 MHz*, 20 MHz, and 10 MHz. Center Frequency, MHz (Available in Access Point PTP or
Access Point PTMP modes only.) The default, Auto, allows
• Access Point PTMP AirMax AC, Access Point PTMP the device to automatically select the frequency. You can
AirMax Mixed Supported wireless channel spectrum specify a frequency from the drop-down list.
widths: 40 MHz, 30 MHz*, 20 MHz, and 10 MHz.
Antenna Select your antenna from the list.
• Station PTP Supported wireless channel spectrum
widths: Auto 20/40/80 MHz (recommended), 60 MHz*, Calculate EIRP Limit This option should remain enabled
50 MHz, 30 MHz*, and 10 MHz. so it forces the transmit output power to comply with the
regulations of the selected country. If enabled, you cannot
• Station PTMP Supported wireless channel spectrum set EIRP above the amount allowed per regulatory domain
widths: Auto 20/40 MHz (recommended), 30 MHz*, and (different maximum output power levels and antenna
10 MHz. gains are allowed for each regulatory domain or country).
Note: The 30 MHz* and 60 MHz* channel widths The available frequencies depend on the product as well
feature improved performance in airOS v7.1.7 as the regulations of the selected country.
or later, and are incompatible with earlier airOS Antenna Gain (Read-only option; cannot be changed.)
versions. Using the 30 MHz* or 60 MHz* channel With Calculate EIRP Limit enabled, Antenna Gain calculates
width in airOS v7.1.7 or later requires an upgrade the TX power backoff needed to remain in compliance
to both sides of the link. with local regulations. The Antenna Gain setting
Control Frequency List, MHz (Available in Access Point complements the Cable Loss setting; they both affect the
modes only.) Multiple frequencies are available to avoid TX power of the device.
interference between nearby APs. The frequency list varies Cable Loss (Only applicable to devices with external
depending on the selected Country and Channel Width antenna connectors.) Enter the cable loss in dB. In case
options. Once enabled, click Edit to open the Control you have high amounts of cable loss, you may increase
Frequency List window. the TX power while remaining in compliance with local
regulations. The Cable Loss setting complements the
Antenna Gain setting; they both affect the TX power of the
device.
Output Power Defines the maximum average transmit
output power (in dBm) of the device. To specify the output
power, use the slider or manually enter the output power
value. The transmit power level maximum is limited
according to country regulations. (If the device has an
internal antenna, then Output Power is the output power
delivered to the internal antenna.)
Select the frequencies and click OK, or click Cancel to close
the window without any selections.

Auto Adjust Distance Enabled by default. We Note: Not using wireless security may compromise
recommend keeping this option enabled. Every time the security of your wireless network.
the station receives a data frame, it sends an ACK MAC ACL To configure a MAC Access Control List (ACL),
(Acknowledgement) frame to the AP (if transmission errors select this option and then configure the Policy setting.
are absent). If the AP does not receive the ACK frame
within the set timeout, it re-sends the frame. The same Policy Select whether to Allow or Deny the MAC
occurs when the AP receives a data frame, but the station addresses in the MAC ACL list. To edit the list, click ACL. For
does not receive the ACK frame within the set timeout. each entry, enter a MAC address and optional comment,
(The timeout value depends on the value of the Distance and then click Add. When you are done editing, click Save
option.) If too many data frames are re-sent (whether the to save the changes or Cancel to exit without saving.
ACK timeout is too short or too long), then there is a poor
connection, and throughput performance drops.
The device has an auto-acknowledgement timeout
algorithm, which dynamically optimizes the frame
acknowledgement timeout value without user
intervention. This critical feature is required for stabilizing
long-distance, outdoor links.
Distance To specify the distance value in miles (or
kilometers), use the slider or manually enter the value.
The signal strength and throughput fall off with range.
Changing the distance value will change the ACK timeout
value accordingly.
If two or more stations are located at considerably
different distances from the AP they are associated with,
the distance to the farthest station should be set on the
WPA2-AES
AP side. To secure your wireless network, select WPA2-AES, which
is WPA2 (Wi-Fi Protected Access 2) security mode with
Max TX Rate Defines the maximum rate at which the
AES (Advanced Encryption Standard) support only. AES
device should transmit wireless packets. The default
is also known as CCMP (Counter Mode with Cipher Block
is Auto; the rate algorithm selects the best data rate,
Chaining Message Authentication Code Protocol), which
depending on link quality conditions. We recommend
uses the AES algorithm.
that you use the Auto option, especially if you are
having trouble getting connected or losing data at a
higher rate (in this case, the lower data rates will be used
automatically). To set a specific maximum rate, select
one of the following: 1x (BPSK), 2x (QPSK), 4x (16QAM),
6x (64QAM), or 8x (256QAM). WPA Authentication Specify one of the following WPA
key selection methods:
Wireless Security • PSK Pre-shared Key method (selected by default).
In Access Point PTP or Access Point PTMP mode, configure • EAP EAP (Extensible Authentication Protocol)
the wireless security settings that will be used by the IEEE 802.1x authentication method. This method is
devices on your wireless network. commonly used in enterprise networks.
In Station PTP or Station PTMP mode, enter the security
settings of the AP that the device is associated with.
PSK
Security The following wireless security methods are
supported: None and WPA2-AES. Follow the instructions
for your selected method.
None
If you want an open network without wireless security,
select None.
WPA Preshared Key Specify a passphrase. The preshared

key is an alpha‑numeric password between 8 and 63
characters long.
Show Click Show if you want to view the characters of the
WPA Preshared Key.

MAC ACL To configure a MAC Access Control List (ACL), Policy Select whether to Allow or Deny the MAC
select this option and then configure the Policy setting. addresses in the MAC ACL list. To edit the list, click ACL. For
Policy Select whether to Allow or Deny the MAC each entry, enter a MAC address and optional comment,
addresses in the MAC ACL list. To edit the list, click ACL. For and then click Add. When you are done editing, click Save
each entry, enter a MAC address and optional comment, to save the changes or Cancel to exit without saving.
and then click Add. When you are done editing, click Save EAP - Station PTP or Station PTMP Mode
to save the changes or Cancel to exit without saving. The options below apply in Station PTP or Station PTMP
EAP mode only.
EAP - Access Point PTP or Access Point PTMP Mode
The options below apply only in the following modes:
Access Point PTP, Access Point PTMP AirMax AC, or Access
Point PTMP AirMax Mixed.
EAP Type Select the authentication protocol (EAP-TTLS

or EAP-PEAP) and the inner authentication protocol
(MSCHAPV2).
WPA Anonymous Identity Enter the identification
credential used by the supplicant for EAP authentication
in unencrypted form.
Auth Server IP/Port In the first field, enter the IP
address of the RADIUS authentication server. RADIUS is a WPA User Name Enter the identification credential used
networking protocol providing centralized Authentication, by the supplicant for EAP authentication.
Authorization, and Accounting (AAA) management for WPA User Password Enter the password credential used
computers to connect to and use a network service. by the supplicant for EAP authentication.
In the second field, enter the UDP port of the RADIUS Show Click Show if you want to view the characters of the
authentication server. The most commonly used port is WPA User Password.
1812, but this may vary depending on the RADIUS server
you are using. Signal LED Thresholds
Auth Server Secret Enter the password. A shared You can configure the LEDs on the device to light up
secret is a case-sensitive text string used to validate when received signal levels reach the values defined in
communication between Access Point and RADIUS the following fields. This allows a technician to easily
authentication server. deploy an airOS 8 CPE without logging into the device (for
example, for antenna alignment operation).
Show Click Show if you want to view the characters of the
Auth Server Secret.
Accounting Server If you are using an accounting server,
select this option.
• Accounting Server IP/Port If the Accounting Server is
enabled, enter the IP address of the accounting server. Thresholds, dBm The number of LEDs is device-specific,
In the second field, enter the UDP port of the RADIUS and the default values vary depending on the number of
accounting server. The most commonly used port is LEDs. The specified LED will light up if the signal strength
1813, but this may vary depending on the RADIUS reaches the value set in the field.
server you are using. For example, if the device has four LEDs and the signal
• Accounting Server Secret If the Accounting Server is strength (on the Main tab) fluctuates around -63 dBm,
enabled, enter the password. A shared secret is a case- then the LED threshold values can be set to the following:
sensitive text string used to validate communication -70, -65, -62, and -60.
between two RADIUS devices. Note: The “-” character is outside of the field and
Show Click Show if you want to view the characters of should not be used for the signal strength value
the Accounting Server Secret. specification.
MAC ACL To configure a MAC Access Control List (ACL),
select this option and then configure the Policy setting.

The following table lists the default threshold values for Client Isolation (Available in Access Point PTMP AirMax AC
devices with two, three, four, or six LEDs. and Access Point PTMP AirMax Mixed mode only.) Isolates
traffic between the wireless clients by allowing packets
LED Default Threshold Value to be sent only from the external network to the CPE and
vice versa. If Client Isolation is enabled, wireless stations
Two LEDs connected to the same AP will not be able to interconnect
1 -94 dBm on both the Layer 2 (MAC) and Layer 3 (IP) levels.
2 -65 dBm Multicast Enhancement (Available in Access Point PTMP
modes only.) If clients do not send IGMP (Internet Group
Three LEDs Management Protocol) messages, then they are not
1 -94 dBm registered as receivers of your multicast traffic. Using
IGMP snooping, the Multicast Enhancement option isolates
2 -77 dBm
multicast traffic from unregistered clients and allows the
3 -65 dBm device to send multicast traffic to registered clients using
higher data rates. This lessens the risk of traffic overload
Four LEDs
on PtMP links and increases the reliability of multicast
1 -94 dBm traffic since packets are transmitted again if the first
2 -80 dBm
transmission fails. If clients do not send IGMP messages
but should receive multicast traffic, then you may need to
3 -73 dBm disable the Multicast Enhancement option. By default this
4 -65 dBm option is enabled.
Six LEDs
airMAX Station Priority (Available in Station PTMP mode
only.) It defines the number of time slots (or amount of
1 -94 dBm airtime) assigned to each station. By default the AP gives
2 -88 dBm all active stations the same amount of time. However, if
the stations are configured with different priorities, the
3 -82 dBm AP will give stations more or less time, depending on the
4 -77 dBm priority.
5 -71 dBm
Note: airMAX Station Priority only functions in
Station PTMP mode only.
6 -65 dBm
airMAX Station Priority options include:
• High 4 time slots (4:1 ratio)
• Medium 3 time slots (3:1 ratio)
Advanced
• Base 2 time slots (Default setting for stations; 2:1 ratio)
The Advanced section configures advanced wireless
settings. Only technically advanced users who have • Low 1 time slot (1:1 ratio)
sufficient knowledge about WLAN technology should use Stations with a higher priority have access to more of the
the advanced wireless settings. These settings should not AP’s airtime, providing higher possible throughput and
be changed unless you know the effects the changes will lower latency when sharing with other active stations.
have on the device. For example, if there are 3 stations, 1 set to Base, 1 set to
Medium, and 1 set to High, the Base station will get 2 time
slots, the Medium station will get 3 time slots, and the High
station will get 4 time slots.
Aggregation Frames This option allows the device to

send multiple frames per single access to the medium
by combining frames together into one larger frame. It
creates the larger frame by combining smaller frames
with the same physical source, destination endpoints, and
traffic class (QoS) into one large frame with a common
MAC header. To specify the number of frames that will
be combined in the new larger frame, use the slider. The
default is 32.

airOS v8 User Guide Chapter 4: Network
Chapter 4: Network • Router The device contains two networks or subnets:

a Wide Area Network (WAN) and a LAN. Each wired or
The Network tab allows you to configure bridge or routing wireless interface on the WAN or LAN has an IP address.
functionality and IP settings.
Network Role
airOS 8 supports Bridge and Router modes.
Network Mode Select the Network Mode of the device
(the mode depends on network topology requirements). The following summarizes the differences between Bridge
Bridge mode is adequate for very small networks. Larger and Router modes:
networks have significantly more traffic and need to be Bridge mode:
managed by a device in Router mode to keep broadcast • The device forwards all network management and
traffic within its respective broadcast domain and prevent data packets from one network interface to the other
it from overloading the overall traffic in the network. without any intelligent routing. For simple applications,
• Bridge The device acts as a transparent bridge, operates this provides an efficient and fully transparent network
in Layer 2 (like a managed switch), and usually has only solution.
one IP address (for management purposes only). • There is no network segmentation, and the broadcast
domain is the same. Bridge mode does not block
any broadcast or multicast traffic. You can configure
additional firewall settings for Layer 2 packet filtering
and access control.
• WLAN and LAN interfaces belong to the same network
segment and share the same IP address space. They
form the virtual bridge interface while acting as bridge
ports. The device features IP settings for management
purposes.

Chapter 4: Network airOS v8 User Guide
Router mode: Configuration Mode

• The device operates in Layer 3 to perform routing and The Network page has two views, Simple and Advanced.
enable network segmentation – wireless clients and
the WAN interface are on a different IP subnet. Router
mode blocks broadcasts and can pass through multicast
packet traffic. You can configure additional firewall
settings for Layer 3 packet filtering and access control.
• The device can act as a DHCP server and use Network
Address Translation (Masquerading), which is widely
used by APs. NAT acts as the firewall between the LAN
and WAN.
• In Advanced view, any interface can be selected as the
Simple The following basic configuration settings are
WAN or the LAN, but typical functionality is as follows:
available (advanced configuration settings are hidden):
• Station The WLAN functions as the WAN, and the
• “Network Role” on page 19
Ethernet port functions as the LAN.
• “Configuration Mode” on page 20
• Access Point The Ethernet port functions as the
WAN, and the WLAN functions as the LAN. The following settings are available in Bridge mode only:
• Each wired or wireless interface on the WAN or LAN has • “Management Network Settings” on page 21
its own IP address. The following settings are available in Router mode only:
• For example, Router mode is used in a typical Customer • “WAN Network Settings” on page 22
Premises Equipment (CPE) installation. The device acts
• “LAN Network Settings” on page 25
as the demarcation (demarc) point between the CPE
and Wireless Internet Service Provider (WISP), with the • “Port Forwarding” on page 29
wireless interface of the device connecting to the WISP. • “Multicast Routing Settings” on page 30
There can be only one WAN interface, but there can be Advanced Displays the advanced configuration settings,
many LAN interfaces. in addition to the basic configuration settings:
The following diagram shows the NanoBeam ac at a • “Management Network Settings” on page 21)
residence wirelessly connecting to a WISP tower. (Router mode only)
• “Interfaces” on page 25
NanoBeam ac • “IP Aliases” on page 26
WISP Tower
• “VLAN Network” on page 27
• “Bridge Network” on page 27
• “Firewall” on page 28
• “Static Routes” on page 29
• “Traffic Shaping” on page 30

Management Network Settings Note: In Bridge mode, the gateway IP address

(used for management purposes only) should
Bridge Mode be from the same address space (on the same
network segment) as the device.
-- Primary DNS IP Enter the IP address of the primary
DNS (Domain Name System) server. This is used for
management purposes only.
-- Secondary DNS IP Enter the IP address of the
secondary DNS server. This entry is optional and used
Management Interface (Available in Advanced view.) only if the primary DNS server is not responding. It is
Select the interface used for management. used for management purposes only.
Management IP Address Keep the default, DHCP, if the MTU (Available in Simple view.) Enter the desired MTU
device obtains an IP address from its DHCP server, or click value. The default is 1500.
Static if the device uses a static IP address. STP (Available in Simple view.) Select this option to enable
• DHCP The local DHCP server assigns a dynamic IP the STP feature. Multiple interconnected bridges create
address, gateway IP address, and DNS address to the larger networks. Spanning Tree Protocol (STP) eliminates
device. loops from the topology while finding the shortest path
within a network.
If enabled, the device bridge communicates with other
network devices by sending and receiving Bridge Protocol
Data Units (BPDU). STP should be disabled (default setting)
when the device is the only bridge on the LAN or when
-- DHCP Fallback IP Enter the IP address for the device there are no loops in the topology, as there is no need for
to use if a DHCP server is not found. the bridge to use STP in this case.
-- DHCP Fallback Netmask Enter the netmask for the Management VLAN (Available in Simple view.) Select
device to use if a DHCP server is not found. this option to automatically create a management Virtual
Local Area Network (VLAN). If this option is enabled, the
• Static Assign static IP settings to the device.
device will not be accessible from other VLANs, including
Note: IP settings should be consistent with the tagged VLANs.
address space of the device’s network segment. • VLAN ID Enter a unique VLAN ID from 2 to 4094.
Auto IP Aliasing Select this option to automatically
generate an IP address for the corresponding WLAN/LAN
interface. The generated IP address is a unique Class B IP
address from the 169.254.X.Y range (netmask 255.255.0.0),
which is intended for use within the same network
segment only. The Auto IP always starts with 169.254.X.Y,
with X and Y as the last two octets from the MAC address
of the device. For example, if the MAC is 00:15:6D:A3:04:FB,
-- IP Address Enter the IP address of the device. This IP
then the generated unique Auto IP will be 169.254.4.251.
will be used for device management purposes.
The Auto IP Aliasing setting can be useful because you
-- Netmask Enter the netmask of the device. When the
can still access and manage devices even if you lose,
netmask is expanded into its binary form, it provides
misconfigure, or forget their IP addresses. Because an
a mapping to define which portions of the IP address
Auto IP address is based on the last two octets of the MAC
range are used for the network and which portions
address, you can determine the IP address of a device if
are used for host devices. The netmask defines the
you know its MAC address.
address space of the device’s network segment. The
255.255.255.0 (or “/24”) netmask is commonly used on Router Mode
many Class C IP networks. Management Interface (Available in Advanced view.)
-- Gateway IP Enter the IP address of the gateway device. Select the interface used for management.
Typically, this is the IP address of the host router, which
provides the point of connection to the Internet. This
can be a DSL modem, cable modem, or WISP gateway
router. The device directs data packets to the gateway if
the destination host is not within the local network.

WAN Network Settings Block Management Access To block device management

from the WAN interface, check this box. This feature makes
(Available in Router mode only.) Router mode more secure if the device has a public IP
address.
DMZ DMZ (Demilitarized Zone) specifically allows one
computer/device behind NAT to become “demilitarized”,
so all ports from the public network are forwarded to the
ports of this private network, similar to a 1:1 NAT.
• DMZ Management Ports The airOS device responds to
requests from the external network as if it were the host
device that is specified with the DMZ IP address. DMZ
WAN Interface Select the interface used for connection
Management Ports is disabled by default; the device is
to the external network (Internet).
accessible from the WAN port. If DMZ Management Ports
WAN IP Address The IP address of the WAN interface is enabled, all management ports will be forwarded to
connected to the external network. You can use this IP the device, so you’ll only be able to access the device
address for routing and device management purposes. from the LAN side.
The device can use one of the following: The default values of the management ports are:
• “DHCP” on page 22
• “Static” on page 23 Management Method Management Port
HTTP/HTTPS 80/443 TCP
• “PPPoE” on page 23
SSH 22 TCP
DHCP Telnet 23 TCP
The external DHCP server assigns a dynamic IP address, SNMP 161 UDP
gateway IP address, and DNS address to the device. Discovery 10001 UDP
• DMZ IP Enter the IP address of the local host network

device. The DMZ host device will be completely exposed
to the external network.
Auto IP Aliasing If enabled, automatically generates an
IP address for the corresponding WLAN/LAN interface.
The generated IP address is a unique Class B IP address
from the 169.254.X.Y range (netmask 255.255.0.0), which
is intended for use within the same network segment only.
DHCP Fallback IP Enter the IP address for the device to The Auto IP always starts with 169.254.X.Y, with X and Y
use if an external DHCP server is not found. as the last two octets from the MAC address of the device.
For example, if the MAC is 00:15:6D:A3:04:FB, then the
DHCP Fallback Netmask Enter the netmask for the generated unique Auto IP will be 169.254.4.251.
device to use if an external DHCP server is not found.
MTU (Available in Simple view.) The Maximum can still access and manage devices even if you lose,
Transmission Unit (MTU) is the maximum frame size (in misconfigure, or forget their IP addresses. Because an
bytes) that a network interface can transmit or receive. The Auto IP address is based on the last two octets of the MAC
default is 1500. address, you can determine the IP address of a device if
NAT Network Address Translation (NAT) is an IP you know its MAC address.
masquerading technique that hides private network IP MAC Address Cloning When enabled, you can change
address space (on the LAN interface) behind a single the MAC address of the respective interface. This is
public IP address (on the WAN interface). especially useful if your ISP only assigns one valid IP
NAT is implemented using the masquerade type firewall address and it is associated to a specific MAC address. This
rules. NAT firewall entries are stored in the iptables is usually used by cable operators or some WISPs.
nat table. Specify static routes to allow packets to pass • MAC Address Enter the MAC address you want to clone
through the airOS device if NAT is disabled. to the respective interface. This becomes the new MAC
• NAT Protocol To disable NAT traversal for the SIP, PPTP, address of the interface.
FTP, or RTSP protocols, uncheck the respective box(es).

Static DMZ DMZ (Demilitarized Zone) specifically allows one

computer/device behind NAT to become “demilitarized”,
Assign static IP settings to the device.
so all ports from the public network are forwarded to the
Note: IP settings should be consistent with the ports of this private network, similar to a 1:1 NAT.
address space of the device’s network segment.
• DMZ Management Ports The airOS device responds to
is enabled, all management ports will be forwarded to
the device, so you’ll only be able to access the device
from the LAN side.
The default values of the management ports are:
Management Method Management Port

IP Address Enter the IP address of the device. This IP will
be used for device management purposes. HTTP/HTTPS 80/443 TCP
SSH 22 TCP
Netmask The netmask defines the address space of the
device’s network segment. The 255.255.255.0 (or “/24”) Telnet 23 TCP
netmask is commonly used on many Class C IP networks. SNMP 161 UDP
Gateway IP Typically, this is the IP address of the host Discovery 10001 UDP
router, which provides the point of connection to the
Internet. This can be a DSL modem, cable modem, or • DMZ IP Enter the IP address of the local host network
WISP gateway router. The device directs data packets to device. The DMZ host device will be completely exposed
the gateway if the destination host is not within the local to the external network.
network. Auto IP Aliasing If enabled, automatically generates an
Primary DNS IP Enter the IP address of the primary IP address for the corresponding WLAN/LAN interface.
DNS (Domain Name System) server. This is used for The generated IP address is a unique Class B IP address
management purposes only. from the 169.254.X.Y range (netmask 255.255.0.0), which
is intended for use within the same network segment only.
Secondary DNS IP Enter the IP address of the secondary
The Auto IP always starts with 169.254.X.Y, with X and Y
DNS server. This entry is optional and used only if the
as the last two octets from the MAC address of the device.
primary DNS server is not responding. It is used for
For example, if the MAC is 00:15:6D:A3:04:FB, then the
management purposes only.
generated unique Auto IP will be 169.254.4.251.
MTU (Available in Simple view.) The Maximum
Transmission Unit (MTU) is the maximum frame size (in
can still access and manage devices even if you lose,
bytes) that a network interface can transmit or receive. The
misconfigure, or forget their IP addresses. Because an
default is 1500.
Auto IP address is based on the last two octets of the MAC
NAT Network Address Translation (NAT) is an IP address, you can determine the IP address of a device if
masquerading technique that hides private network IP you know its MAC address.
address space (on the LAN interface) behind a single
MAC Address Cloning When enabled, you can change
public IP address (on the WAN interface).
the MAC address of the respective interface. This is
NAT is implemented using the masquerade type firewall especially useful if your ISP only assigns one valid IP
rules. NAT firewall entries are stored in the iptables address and it is associated to a specific MAC address. This
nat table. Specify static routes to allow packets to pass is usually used by cable operators or some WISPs.
through the airOS device if NAT is disabled.
• MAC Address Enter the MAC address you want to clone
• NAT Protocol To disable NAT traversal for the SIP, PPTP, to the respective interface. This becomes the new MAC
FTP, or RSTP protocols, uncheck the respective box(es). address of the interface.
Block Management Access To block device management
from the WAN interface, check this box. This feature makes
PPPoE
Router mode more secure if the device has a public IP Point-to-Point Protocol over Ethernet (PPPoE) is a virtual
address. private and secure connection between two systems
that enables encapsulated data transport. Subscribers
sometimes use PPPoE to connect to Internet Service
Providers (ISPs), typically DSL providers.

Select PPPoE to configure a PPPoE tunnel. You can • NAT Protocol To disable NAT traversal for the SIP, PPTP,
configure only the WAN interface as a PPPoE client because FTP, or RTSP protocols, uncheck the respective box(es).
all the traffic will be sent via this tunnel. After the PPPoE Block Management Access To block device management
connection is established, the device will obtain the IP from the WAN interface, check this box. This feature makes
address, default gateway IP, and DNS server IP address Router mode more secure if the device has a public IP
from the PPPoE server. The broadcast address is used to address.
discover the PPPoE server and establish the tunnel.
DMZ DMZ (Demilitarized Zone) specifically allows one
If there is a PPPoE connection established, then the IP computer/device behind NAT to become “demilitarized”,
address of the PPP interface will be displayed on the so all ports from the public network are forwarded to the
Main tab next to the PPP interface statistics; otherwise ports of this private network, similar to a 1:1 NAT.
a Not Connected message and Reconnect button will be
displayed. To re-connect a PPPoE tunnel, click Reconnect. • DMZ Management Ports The airOS device responds to
is enabled, all management ports will be forwarded to
the device, so you’ll only be able to access the device
from the LAN side.
The default values of the management ports are:
Management Method Management Port

HTTP/HTTPS 80/443 TCP
Username Enter the username to connect to the PPPoE SSH 22 TCP

server; this must match the username configured on the Telnet 23 TCP
PPPoE server. SNMP 161 UDP
Password Enter the password to connect to the PPPoE Discovery 10001 UDP
server; this must match the password configured on the
PPPoE server. • DMZ IP Enter the IP address of the local host network
device. The DMZ host device will be completely exposed
Show Click Show to view the characters of the password.
to the external network.
Service Name Enter the name of the PPPoE service. This
Auto IP Aliasing If enabled, automatically generates an
must match the service name configured on the PPPoE
IP address for the corresponding WLAN/LAN interface.
server.
The generated IP address is a unique Class B IP address
Fallback IP Enter the IP address for the device to use if from the 169.254.X.Y range (netmask 255.255.0.0), which
the PPPoE server does not assign an IP address. is intended for use within the same network segment only.
Fallback Netmask Enter the netmask for the device to The Auto IP always starts with 169.254.X.Y, with X and Y
use if the PPPoE server does not assign a netmask. as the last two octets from the MAC address of the device.
MTU/MRU The size (in bytes) of the Maximum For example, if the MAC is 00:15:6D:A3:04:FB, then the
Transmission Unit (MTU) and Maximum Receive Unit generated unique Auto IP will be 169.254.4.251.
(MRU) used for data encapsulation during transfer through The Auto IP Aliasing setting can be useful because you
the PPP tunnel. The default value is 1492. can still access and manage devices even if you lose,
Encryption Enables the use of Microsoft Point-to-Point misconfigure, or forget their IP addresses. Because an
Encryption (MPPE). Auto IP address is based on the last two octets of the MAC
address, you can determine the IP address of a device if
MTU (Available in Simple view.) The Maximum you know its MAC address.
Transmission Unit (MTU) is the maximum frame size (in
bytes) that a network interface can transmit or receive. The MAC Address Cloning When enabled, you can change
default is 1500. the MAC address of the respective interface. This is
especially useful if your ISP only assigns one valid IP
NAT Network Address Translation (NAT) is an IP address and it is associated to a specific MAC address. This
masquerading technique that hides private network IP is usually used by cable operators or some WISPs.
address space (on the LAN interface) behind a single
public IP address (on the WAN interface). • MAC Address Enter the MAC address you want to clone
to the respective interface. This becomes the new MAC
NAT is implemented using the masquerade type firewall address of the interface.
rules. NAT firewall entries are stored in the iptables
nat table. Specify static routes to allow packets to pass
through the airOS device if NAT is disabled.

LAN Network Settings -- Netmask Defines the device IP classification for the
chosen IP address range. 255.255.255.0 is a typical
(Available in Router mode only.) netmask value for Class C networks, which support
an IP address range of 192.0.0.x to 223.255.255.x. A
Class C network netmask uses 24 bits to identify the
network (alternative notation “/24”) and 8 bits to
identity the host. The netmask is used to identify the
subnet to which an IP address belongs.
-- Lease Time Defines the duration for which IP
addresses assigned by the DHCP server are valid.
Increasing the time ensures client operation without
interruption, but could introduce potential conflicts.
Decreasing the lease time avoids potential address
LAN Interface In Simple view, the interface is displayed.
conflicts, but might cause more slight interruptions to
Select the interface used for LAN connection. In Advanced
the client while it acquires a new IP address from the
view, click Del to remove the interface. If there is no
DHCP server. The time is expressed in seconds.
interface selected, select an interface from the Add LAN
drop-down list, and click Add. -- DNS Proxy If this option is enabled, the device (LAN
port) will act as the Domain Name System (DNS) proxy
IP Address The IP address of the LAN interface. In case
server, and will forward DNS requests from hosts on
the LAN interface is the bridge, all the bridge ports (i.e.,
the local network to the real DNS server. This option is
Ethernet and WLAN interfaces) will be considered as local
enabled by default. If disabled, specify the following:
network interfaces. This IP will be used for routing of the
local network; it will be the gateway IP for all the devices • Primary DNS Enter the IP address of the primary
on the local network. This IP address can be used for DNS server.
management of the device. • Secondary DNS Enter the IP address of the
Netmask Defines the device IP classification for the chosen secondary DNS server.
IP address range. 255.255.255.0 is a typical netmask value • Relay Relays DHCP messages between DHCP clients
for Class C networks, which support the IP address range and DHCP servers on different IP networks.
of 192.0.0.x to 223.255.255.x. A Class C network netmask
uses 24 bits to identify the network (alternative notation
“/24”) and 8 bits to identify the host. The netmask is used to
identify the subnet to which an IP address belongs.
MTU (Available in Simple view.) The Maximum
Transmission Unit (MTU) is the maximum frame size (in -- DHCP Server IP Enter the IP address of the DHCP
bytes) that a network interface can transmit or receive. The server that should get the DHCP messages.
default is 1500. -- Agent-ID Enter the identifier of the DHCP relay agent.
DHCP Server The built-in DHCP server assigns IP UPnP Enables Universal Plug-and-Play (UPnP) network
addresses to clients connected to the LAN interface. protocol for gaming, video, chat, conferencing, and other
• Disable The device does not assign local IP addresses. applications.
Block Management Access Select this option to block
management access to the LAN.
Add LAN Select an interface, and then click Add.
• Enable The device assigns IP addresses to client devices
on the local network. Interfaces
(Available in Advanced view.) You can configure a different
MTU for any interface. If it is an Ethernet interface, you can
also configure the speed.
-- Range Start, Range End Determines the range of IP

addresses assigned by the DHCP server. Enabled Displays the status of the interface, Enabled (Yes)
or Disabled (No).
Interface Displays the name of the interface.
MTU Displays the MTU value.

Speed Displays the speed of the Ethernet interface. example, you may need multiple IP addresses (one private
Advertised Link Modes Displays the link modes (speed IP address and one public IP address) for a single device. If
and duplex) that will be advertised. a CPE uses PPPoE, the CPE obtains a public PPPoE address,
but the network administrator assigns an internal IP alias
Flow Control By using Flow Control frames (Pause to the device. This way the network administrator can
requests) the device can request to stop transmitting manage the device internally without going through the
data for a period of time. If Tx Flow Control is enabled PPPoE server.
the interface will send Pause frames when the specific
interface usage threshold is met. If Rx Flow Control is
enabled, the interface will process received Pause frames
and will stop transmitting data for a period of time.
Action Click to change the Enabled status, MTU,
Speed, Advertised Link Modes, or Flow Control. The Interface Enabled Displays the status of the IP alias, Yes or No.
window opens: Interface Displays the name of the interface.
IP Address Displays the alternative IP address.
Netmask Displays the network address space identifier
for the IP alias.
Comment Displays a brief description of the purpose for
the IP alias.
Action After an IP alias has been created, you have the
following options:
• Click to make changes to an IP alias. Go to the Add or
Edit an IP Alias section below.
• Click to remove an IP alias.
Add Click Add to create an IP alias. Go to the Add or Edit
an IP Alias section below.
Add or Edit an IP Alias
• Enabled Select this option to enable the interface. The IP Alias window opens:
• Interface Displays the name of the interface.
• MTU Enter the desired MTU value. The default is 1500.
• Speed (Available only if the interface is Ethernet.)
Select the appropriate option: Auto 10/100/1000Mbps,
100Mbps‑Full, 100Mbps‑Half, 10Mbps-Full, or
10Mbps‑Half. We recommend using the default setting,
Auto 10/100/1000Mbps, which is the only mode that
supports gigabit (1000 Mbps) speed. In Auto mode,
the device automatically negotiates transmission
parameters, such as speed and duplex, with its
counterpart. In this process, the networked devices • Enabled Select this option to enable the specific IP
first share their capabilities and then choose the fastest alias. All the added IP aliases are saved in the system
transmission mode they both support. configuration file; however, only the enabled IP aliases
• Advertised Link Modes Select a link mode to advertise are active on the device.
it, or deselect it to keep it from being advertised. Link • Interface Select the appropriate interface.
modes are: 10Mbps-Half, 10Mbps-Full, 100Mbps-Half, • IP Address Enter the alternative IP address for the
100Mbps-Full, 1000Mbps-Half, and 1000Mbps-Full. interface. This can be used for routing or device
• Flow Control Select Receive or Transmit to enable RX or management purposes.
TX flow control. • Netmask Enter the network address space identifier for
Click OK to save changes, or click Cancel to close the the IP alias.
window without saving changes. • Comment You can enter a brief description of the
purpose for the IP alias.
IP Aliases
Click OK to save changes, or click Cancel to close the
(Available in Advanced view.) You can configure IP aliases
window without saving changes.
for the network interfaces for management purposes. For

VLAN Network Bridge Network

(Available in Advanced view.) You can create multiple (Available in Advanced view.) You can create one or
Virtual Local Area Networks (VLANs). Click the VLAN more bridge networks if you need complete Layer 2
Network section to display its contents. transparency. This is similar to using a switch – all traffic
flows through a bridge, in one port and out another
port, regardless of VLANs or IP addresses. For example,
if you want to use the same IP subnet on both sides of a
device, then you create a bridge network. Many different
scenarios could require bridged interfaces, so the Bridge
Enabled Displays the status of the VLAN, Yes or No. Network section is designed to allow flexibility.
Interface Displays the name of the interface. Click the Bridge Network section to display its contents.
VLAN ID Displays the VLAN identifier.

the VLAN.
Action After a VLAN has been created, you have the
following options: Enabled Displays the status of the bridge network,
Enabled (Yes) or Disabled (No).
• Click to make changes to a VLAN. Go to the Add or
Edit a VLAN section below. Interface Displays the name of the interface.
• Click to remove a VLAN. (A VLAN configured as the STP Displays the STP status, Enabled or Disabled.
management interface cannot be deleted.) Ports Displays the ports used for the bridge network.
Add Click Add to create a VLAN. Go to the Add or Edit a Comment Displays a brief description of the purpose for
VLAN section below. the bridge network.
Add or Edit a VLAN Action After a bridge network has been created, you have
the following options:
The VLAN window opens:
• Click to make changes to a bridge network. Go to the
Add or Edit a Bridge Network section below.
• Click to remove a bridge network. (A bridge
configured as a management interface cannot be
deleted.)
Add Click Add to create a bridge network. Go to the Add
or Edit a Bridge Network section below.
Add or Edit a Bridge Network
The Bridge window opens:
• Enabled Select this option to enable the specific
VLAN. All the added VLANs are saved in the system
configuration file; however, only the enabled VLANs are
active on the device.
• Interface Select the appropriate interface.
• VLAN ID Enter the VLAN ID, a unique value assigned to
each VLAN at a single device; every VLAN ID represents
a different VLAN. The VLAN ID range is 2 to 4094.
• Comment You can enter a brief description of the
purpose for the VLAN.
• Enabled Select this option to enable the specific bridge
network. All the added bridge networks are saved in the
system configuration file; however, only the enabled
bridge networks are active on the device.
• Interface Displays the name of the interface.

• STP Select this option to enable the STP feature. Destination Port Displays the destination port of the
Multiple interconnected bridges create larger networks. packet that traverses the firewall rule.
Spanning Tree Protocol (STP) eliminates loops from Comment Displays a brief description of the purpose for
the topology while finding the shortest path within a the firewall rule.
network.
Action After a firewall rule has been created, you have the
If enabled, the device bridge communicates with other following options:
network devices by sending and receiving Bridge
Protocol Data Units (BPDU). STP should be disabled • Click to make changes to a firewall rule. Go to the
(default setting) when the device is the only bridge on Add or Edit a Firewall Rule section below.
the LAN or when there are no loops in the topology, as • Click or to change the order of the firewall rule
there is no need for the bridge to use STP in this case. entries. Order is important in the firewall rules list as
• Ports Select the appropriate ports for your bridge packets traverse the firewall rules sequentially.
network. (Virtual ports are available if you have created • Click to remove a firewall rule.
VLANs.) Add Click Add to create a firewall rule. Go to the Add or
-- Add Select an Available Port and click Add. Edit a Firewall Rule section below.
-- Remove Select a Selected Port and click Remove. Add or Edit a Firewall Rule
• Comment You can enter a brief description of the The Firewall Rule window opens:
purpose for the bridge network.
Firewall
(Available in Advanced view.) You can configure firewall
rules for the network interfaces. All active firewall entries
are stored in the FIREWALL chain of the ebtables filter
table in Bridge mode, or the iptables filter table in Router
mode. (The ebtables table is a transparent link layer
filtering tool used on bridge interfaces, that allows the
filtering of network traffic passing through a bridge.)
Packets are processed by sequentially traversing the
firewall rules.
Click the Firewall section to display its contents.
firewall rule. All the added firewall rules are saved in the
system configuration file; however, only the enabled
firewall rules are active on the device.
• Target To allow packets to pass through the firewall
Firewall Select this option to enable firewall functionality. unmodified, select ACCEPT. To block packets, select
Enabled Displays the status of the firewall rule, Enabled DROP.
(Yes) or Disabled (No). • Interface Select the appropriate interface where the
Position Displays the order of the firewall rules. firewall rule is applied. To apply the firewall rule to all
interfaces, select ANY.
Target Displays the firewall action for packets, Accept or
Drop. • IP Type Select which specific Layer 3 protocol type: IP,
ICMP, TCP, or UDP should be filtered.
Interface Displays the interfaces specified by the
firewall rule. • Source IP/Mask Enter the source IP of the packet
(specified within the packet header). Usually it is the IP
IP Type Displays the specific Layer 3 protocol type: IP, of the host system that sends the packets. The mask is in
ICMP, TCP, or UDP being filtered. slash notation (also known as CIDR format). For example,
Source IP/Mask Displays the source IP/mask of the if you enter 192.168.1.0/24, you are entering the range
packet that traverses the firewall rule. of 192.168.1.0 to 192.168.1.255.
Source Port Displays the source port of the packet that -- Invert Select this option to invert the Source IP/Mask
traverses the firewall rule. filtering criterion. For example, if you enable Invert for
Destination IP/Mask Displays the destination IP/mask of the specified Source IP a.b.c.d, then the filtering criteria
the packet that traverses the firewall rule. will be applied to all the packets sent from any Source
IP except a.b.c.d.

• Source Port Enter the source port of the packet Action After a static route has been created, you have the
(specified within the packet header). Usually it is the following options:
port of the host system application that sends the • Click to make changes to a static route. Go to the Add
packets. or Edit a Static Route section below.
-- Invert Select this option to invert the Source Port. • Click to remove a static route.
Select this option to invert the Source Port filtering
Add Click Add to create a static route. Go to the Add or
criterion. For example, if you enable Invert for the
Edit a Static Route section below.
specified Source Port 2500, then the filtering criteria
will be applied to all the packets sent from any Source Add or Edit a Static Route
Port except 2500. The Route window opens:
• Destination IP/Mask Enter the destination IP of the
packet (specified within the packet header). Usually it
is the IP of the system which the packet is addressed
to. The mask is in slash notation (also known as CIDR
format). For example, if you enter 192.168.1.0/24, you
are entering the range of 192.168.1.0 to 192.168.1.255.
-- Invert Select this option to invert the Destination IP/
Mask filtering criterion. For example, if you enable
Invert for the specified Destination IP a.b.c.d, then the
filtering criteria will be applied to all the packets sent
to any Destination IP except a.b.c.d.
• Enabled Select this option to enable the specific static
• Destination Port Enter the destination port of the
route. All the added static routes are saved in the system
packet (specified within the packet header). Usually it is
configuration file; however, only the enabled static
the port of the host system application which the packet
routes are active on the device.
is addressed to.
• Target Network IP Enter the IP address of the
-- Invert Select this option to invert the Destination Port
destination.
filtering criterion. For example, if you enable Invert
for the specified Destination Port 23, then the filtering • Netmask Enter the netmask of the destination.
criteria will be applied to all the packets sent to any • Gateway IP Enter the IP address of the gateway.
Destination Port except 23.
• Comment You can enter a brief description of the
• Comment You can enter a brief description of the purpose for the static route.
purpose for the firewall rule.
Click OK to save changes, or click Cancel to close the window without saving changes.
Port Forwarding
Static Routes (Available in Router mode only.) Port forwarding allows
(Available in Advanced view.) You can manually add specific ports of the hosts on the local network to be
static routing rules to the system routing table; you can forwarded to the external network (WAN). This is useful
set a rule that a specific target IP address (or range of IP for a number of applications (such as FTP servers, VoIP,
addresses) passes through a specific gateway. Click the gaming) that require different host systems to be seen
Static Routes section to display its contents. using a single common IP address/port. Click the Port
Forwarding section to display its contents.
Enabled Displays the status of the route, Enabled (Yes) or

Disabled (No). Port Forwarding Select this option to enable port
Target Network IP Displays the IP address of the forwarding functionality.
destination. Enabled Enables the specific port forwarding rule. All
Netmask Displays the netmask of the destination. the added port forwarding rules are saved in the system
Gateway IP Displays the IP address of the gateway. configuration file; however, only the enabled port
forwarding rules are active on the device.
the static route. Interface Displays the interface to which the port
forwarding rule will be applied.

Private IP Displays the IP address of the local host that • Type Enter the Layer 3 protocol (IP) type that needs to
needs to be accessible from the external network. be forwarded from the local network.
Private Port Displays the TCP or UDP port of the • Source IP/Mask Enter the IP address and netmask of
application running on the local host. The specified port the source device.
will be accessible from the external network. • Public IP/Mask Enter the public IP address and
Type Displays the Layer 3 protocol (IP) type that needs to netmask of the device that will accept and forward the
be forwarded from the local network. connections from the external network to the local host.
Source IP/Mask Displays the IP address and netmask of • Public Port Enter the TCP or UDP port of the device
the source device. that will accept and forward the connections from the
Public IP/Mask Displays the public IP address and external network to the local host.
netmask of the device that will accept and forward the • Comment Enter a brief description of the port
connections from the external network to the local host. forwarding functionality, such as FTP server, web server,
Public Port Displays the TCP or UDP port of the device or game server.
that will accept and forward the connections from the Click OK to save changes, or click Cancel to close the
external network to the local host. window without saving changes.
Comment Displays a brief description of the port
forwarding functionality, such as FTP server, web server, or
Multicast Routing Settings
game server. (Available in Router mode only.) With a multicast design,
applications can send one copy of each packet and
Action After a port forwarding rule has been created, you
address it to a group of computers that want to receive it.
have the following options:
This technique addresses packets to a group of receivers
• Click to make changes to a port forwarding rule. Go rather than to a single receiver. It relies on the network
to the Add or Edit a Port Forwarding Rule section below. to forward the packets to the hosts that need to receive
• Click to remove a port forwarding rule. them. Common routers isolate all the broadcast (thus
Add Click Add to create a port forwarding rule. Go to the multicast) traffic between the local and external networks;
Add or Edit a Port Forwarding Rule section below. however, the device provides multicast traffic pass-
through functionality. Click the Multicast Routing Settings
Add or Edit a Port Forwarding Rule section to display its contents.
The Port Forward window opens:
Multicast Routing Settings Select this option to enable

multicast packet pass-through between local and external
networks while the device is operating in Router mode.
Multicast intercommunication is based on Internet Group
Management Protocol (IGMP).
Multicast Upstream Select the source of multicast traffic.
Multicast Downstream Enter the destination(s) of
multicast traffic.
• Add Select an Available Interface and click Add.
• Remove Select a Selected Interface and click Remove.
• Enabled Select this option to enable the specific static
route. All the added static routes are saved in the system Traffic Shaping
configuration file; however, only the enabled static (Available in Advanced view.) Traffic Shaping controls
routes are active on the device. bandwidth from the perspective of the client. Bursting
• Interface Select the interface to which the port allows fast downloads when a user downloads small files
forwarding rule will be applied. (for example, viewing different pages of a website), but
• Private IP Enter the IP address of the local host that prevents a user from using excessive bandwidth when
needs to be accessible from the external network. downloading large files (for example, streaming a movie).
• Private Port Enter the TCP or UDP port of the
application running on the local host. The specified port
will be accessible from the external network.

As Layer 3 QoS, you can limit the traffic at the device at Add or Edit a Traffic Shaper Rule
the interface level, based on a rate limit you define. Each
The Traffic Shaper Rule window opens:
interface has two types of traffic:
• Ingress traffic entering the interface
• Egress traffic exiting the interface
We recommend using Traffic Shaping to control egress
traffic, because it is more efficient in the egress direction.
When an interface accepts ingress traffic, it cannot control
how quickly the traffic arrives – the sending device
controls that traffic. However, when an interface sends out
egress traffic, it can control how quickly the traffic exits.
Bursting allows the bandwidth to spike higher than the
maximum bandwidth you configure in the Ingress and
Egress Rate settings – for a short period of time. Once the
Ingress or Egress Burst (volume of data) is used up, the
throughput drops back down to the corresponding Ingress
or Egress Rate setting (maximum bandwidth) you have set.
rule. All the added rules are saved in the system
For example, you have the following conditions: configuration file; however, only the enabled rules are
• Egress Burst is set to 2048 kBytes. active on the device.
• Egress Rate is set to 512 kbit/s. • Interface Select the appropriate interface.
• Actual maximum bandwidth is 1024 kbit/s. • Ingress Select this option to enable the ingress values.
Bursting allows 2048 kBytes to pass at 1024 kbit/s before -- Rate Enter the maximum bandwidth value (in kilobits
throttling down to 512 kbit/s. per second) for traffic entering the specified interface.
Click the Traffic Shaping section to display its contents. -- Burst Enter the data volume (in kilobytes) that is
allowed before the ingress maximum bandwidth
applies.
• Egress Select this option to enable the egress values.
-- Rate Enter the maximum bandwidth value (in kilobits
per second) for traffic exiting the specified interface.
Traffic Shaping Select this option to enable bandwidth
control on the device. -- Burst Enter the data volume (in kilobytes) that is
allowed before the egress maximum bandwidth
Enabled Displays the status of the rule, Enabled (Yes) or
applies.
Disabled (No).
Interface Displays the name of the interface.
Ingress Displays the Ingress status, Enabled or Disabled.
Ingress Rate, kbps Displays the maximum ingress
bandwidth.
Ingress Burst, kB Displays the maximum amount of data
in kilobytes allowed to burst beyond the Ingress Rate.
Egress Displays the Egress status, Enabled or Disabled.
Egress Rate, kbps Displays the maximum egress
bandwidth.
Egress Burst, kB Displays the maximum amount of data
in kilobytes allowed to burst beyond the Egress Rate.
Action After a traffic shaper rule has been created, you
have the following options:
• Click to make changes to a traffic shaper rule. Go to
the Add or Edit a Traffic Shaper Rule section below.
• Click to remove a traffic shaper rule.
Add Click Add to create a traffic shaper rule. Go to the
Add or Edit a Traffic Shaper Rule section below.


airOS v8 User Guide Chapter 5: Services
Chapter 5: Services Ping Interval Enter the time interval (in seconds)
between the ICMP echo requests that are sent by Ping
The Services page configures system management Watchdog. The default value is 300 seconds.
services: Ping Watchdog, SNMP, servers (web, SSH, Telnet), Startup Delay Enter the initial time delay (in seconds)
NTP, DDNS, system log, and device discovery. until the first ICMP echo request is sent by Ping Watchdog.
The default value is 300 seconds.
Ping Watchdog The Startup Delay value should be at least 60 seconds
Ping Watchdog sets the device to continuously ping a as the network interface and wireless connection
user-defined IP address (it can be the Internet gateway, initialization takes a considerable amount of time if the
for example). If it is unable to ping under the user-defined device is rebooted.
constraints, then the device will automatically reboot. This Failure Count to Reboot Enter the number of ICMP
option creates a kind of “fail-proof” mechanism. echo response replies. If the specified number of ICMP
Ping Watchdog is dedicated to continuous monitoring of echo response packets is not received continuously, Ping
the specific connection to the remote host using the Ping Watchdog will reboot the device. The default value is 3.
tool. The Ping tool works by sending ICMP echo request Save Support Info Select this option to generate a
packets to the target host and listening for ICMP echo support information file in case the Ping Watchdog will
response replies. If the defined number of replies is not reboot the device.
received, the tool reboots the device.
Ping Watchdog Select this option to enable use of Ping

Watchdog.
IP Address To Ping Enter the IP address of the target host
to be monitored by Ping Watchdog.

Chapter 5: Services airOS v8 User Guide
SNMP Agent SSH Server

Simple Network Management Protocol (SNMP) is an This section manages the SSH Server parameters.
application layer protocol that facilitates the exchange
of management information between network
devices. Network administrators use SNMP to monitor
network‑attached devices for issues that warrant
attention. SSH Server SSH access to the device is enabled by
The device contains an SNMP agent, which does the default.
following: Server Port Enter the TCP/IP port of the SSH server. The
• Provides an interface for device monitoring using SNMP default is 22.
• Communicates with SNMP management applications Password Authentication Enabled by default. You must
for network provisioning authenticate using administrator credentials to grant
SSH access to the device; otherwise, an authorized key is
• Allows network administrators to monitor network
required.
performance and troubleshoot network problems
Authorized Keys Click Edit to import a public key file
for SSH access to the device instead of using an admin
password. The SSH Authorized Keys window opens.
For the purpose of equipment identification, configure the

SNMP agent with contact and location information:
SNMP Agent Select this option to enable the SNMP
agent.
SNMP Community Enter the SNMP community string.
It is required to authenticate access to Management
Information Base (MIB) objects and functions as an
embedded password. The device supports a read-only
community string; authorized management stations • Browse Use this option to add a new key. Click Browse
have read access to all the objects in the MIB except the to locate the new key file. Select the file and click Open
community strings, but do not have write access. The to import the file for SSH access.
device supports SNMP v1. The default is public. • Enabled Select this option to enable the specific
Contact Enter the name of the contact who should be key. All of the added keys are saved in the system
notified in case of emergency. configuration file; however, only the enabled keys are
Location Enter the physical location of the device. active on the device.
• Type Displays the type of key.
Web Server
• Key Displays the key.
This section manages the Web Server parameters.
• Comment You can enter a brief description of the key.
You can edit this field for multiple keys at the same time.
• Action You have the following options:
-- Remove Deletes a public key file.
Web Server HTTP service is enabled by default. • OK Click OK to save changes.
Secure Connection (HTTPS) Secure HTTPS mode is • Cancel Click Cancel to discard changes.
enabled by default.
Secure Server Port If secure HTTPS mode is enabled, Telnet Server
enter the TCP/IP port of the web server. The default is 443. This section manages the Telnet Server parameters.
Server Port If HTTP mode is enabled, enter the TCP/IP
port of the web server. The default is 80.
Session Timeout Enter the maximum timeout before
the session expires. Once a session expires, you must log Telnet Server Select this option to enable Telnet access
in again using the username and password. The default is to the device.
15 minutes.
Server Port Enter the TCP/IP port of the Telnet server. The
default is 23.

airOS v8 User Guide Chapter 5: Services
NTP Client System Log Enabled by default. The device runs the
registration routine of system log (syslog) messages.
Network Time Protocol (NTP) is a protocol for
synchronizing the clocks of computer systems over Remote Log Select this option to enable the syslog
packet-switched, variable-latency data networks. You remote sending function. System log messages are sent
can use it to set the real system time on the device. to a remote server, which is specified in the Remote Log IP
If the System Log option is enabled, then the system Address and Remote Log Port fields.
time is reported next to every log entry that registers a Remote Log IP Address Enter the host IP address that
system event. receives syslog messages. Properly configure the remote
host to receive syslog protocol messages.
Remote Log Port Enter the TCP/IP port that receives
syslog messages. 514 is the default port for commonly
NTP Client Select this option to enable the device to used system message logging utilities.
obtain the system time from a time server on the Internet.
Device Discovery
NTP Server Enter the IP address or domain name of the
NTP server. The default is: 0.ubnt.pool.ntp.org This section manages the Device Discovery parameters.
Dynamic DNS
Domain Name System (DNS) translates domain names
to IP addresses; each DNS server on the Internet holds Discovery Enabled by default. The device can be
these mappings in its respective DNS database. Dynamic discovered by other Ubiquiti devices or by the Ubiquiti
Domain Name System (DDNS) is a network service that Device Discovery tool which you can download from:
notifies the DNS server in real time of any changes in the http://www.ubnt.com/download/
device’s IP settings. Even if the device’s IP address changes, CDP Select this option to enable Cisco Discovery Protocol
you can still access the device through its domain name. (CDP) communications, so the device can send out CDP
packets to share its information.
Dynamic DNS Select this option to enable the device to

communicate with the DDNS server.
Service If available, select your DDNS service provider
from the drop-down list.
Host Name Enter the host name of the device, that has to
be updated on the DDNS server. For example:
sample.ddns.com
Username Enter the user name of the DDNS account.
Password Enter the password of the DDNS account.
Show Click Show to display the password characters.
System Log
Every logged message contains at least a system time and
specific service name that generates the system event.
Messages from different services have different contexts
and different levels of detail. Usually error, warning, or
informational system service messages are reported;
however, more detailed debug level messages can also
be reported. The more detailed the system messages
reported, the greater the volume of log messages
generated.

Chapter 5: Services airOS v8 User Guide

airOS v8 User Guide Chapter 6: System
Chapter 6: System Upload Firmware Click Upload to locate the new

firmware file. Select the file and click Open to upload
The System page contains administrative options. This the file.
page enables the administrator to reboot the device, reset Note: The device firmware update is compatible
it to factory defaults, upload new firmware, back up or with all configuration settings. The system
update the configuration, and configure the administrator configuration is preserved while the device is
account. updated with a new firmware version. However, we
recommend that you back up your current system
Firmware Update configuration before updating the firmware
This section manages the firmware maintenance.
The uploaded firmware file is displayed. You have two
options:
• Update Click Update to confirm. After the device
reboots, the firmware update process will be completed.
Firmware Version Displays the current firmware version. • Discard Click Discard to cancel.
Build Number Displays the build number of the firmware If the firmware update is in process, you can close the
version. firmware update window, but this does not cancel the
Check for Updates Enabled by default, this option firmware update. Please be patient, as the firmware
automatically checks for firmware updates. To manually update routine can take three to seven minutes. You
check for an update, click Check Now. cannot access the device until the firmware update
routine is completed.
If an update is found, click Download to download the
update. Otherwise, click Dismiss to cancel. WARNING: Do not power off, do not reboot, and
After you click Download, the Ubiquiti Firmware License do not disconnect the device from the power
Agreement window appears. Click Agree to accept the supply during the firmware update process as
terms of the license agreement. On the System page, click these actions will damage the device!
Upload to upload the downloaded firmware to the device.
Chapter 6: System airOS v8 User Guide
Device
The Device Name (host name) is the system-wide device
identifier. The SNMP agent reports it to authorized
management stations. The Device Name will be used in
popular router operating systems, registration screens,
and discovery tools.
Device Model Displays the abbreviated model name of

the device.
Device Name Enter a host name or identifier for the
device.
4. In the Company Name field, enter the company name
Interface Language Select the language used in the web you provided when you requested the activation key.
management interface. English is the default language.
5. In the Key field, enter the activation key.
External Reset Select this option to enable remote PoE
6. Click Activate.
reset functionality. To prevent an accidental reset to
default settings, disable this option (disables the remote 7. Apply the FCC labels to the appropriate device(s).
PoE reset functionality). WARNING: Enabling the new UNII rules will reduce
Note: The External Reset option is not supported on EIRP limits for the UNII-3 (5.8 GHz) band. Note:
the following models: Activating new rules on longer-distance links
may affect performance. Device will restart after
• LBE-5AC-23
activation and new rules will be in effect.
• LBE-5AC-16-120
• NBE-5AC-16 Date Settings
• PBE-5AC-300
• PBE-5AC-400
• PBE-5AC-300-ISO
• PBE-5AC-400-ISO
Time Zone Select the appropriate time zone according to
Note: You can reset the device to default settings
Greenwich Mean Time (GMT).
through Configuration Management > Reset to
Factory Defaults on this page. You can also reset Startup Date To change the device’s startup date,
the device using the hardware reset button (it will select this option, and then specify the date. You have
remain functional even if the External Reset option two options:
is not selected). • Manual Enter the startup date.
Revised UNII Rules This option is available if DFS • Calendar Click the 31 icon to display the monthly
(Dynamic Frequency Selection) frequencies in the UNII-2 calendar. Then, click the startup date.
band (5.25 - 5.725 GHz) should be available for your device
but are locked. To unlock the DFS frequencies, follow
these instructions:
1. Visit www.ubnt.com/fcclabelrequest and follow the
online instructions to request the activation key and
FCC labels.
2. After you have received your activation key and FCC
labels, click Activate next to Revised UNII Rules.
3. The Revised UNII Rules window appears.

airOS v8 User Guide Chapter 6: System
System Accounts Location

You can change the administrator password to protect (Not available on Rocket 5ac Prism, which features built-in
your device from unauthorized changes. We recommend GPS functionality.)
that you change the default administrator password Latitude and longitude define the device’s coordinates.
during the very first system setup:
Latitude Enter the latitude of the device’s location. Valid

values for latitude are -90 to +90.
Administrator Username Enter the name of the
administrator. Longitude Enter the longitude of the device’s location.
Valid values for longitude are -180 to +180.
Change Password Click Change to change the
administrator password. The Change Password Device Maintenance
window opens:
This section manages the device maintenance routines:
reboot, reset the device to factory default settings, the
device configuration routines, and support information
reports.
Reboot Device Click Reboot... to initiate a full reboot

• Current Password Enter the current password for the cycle of the device. Reboot is the same as the hardware
administrator account. This is required to change the reboot, which is similar to the power-off and power-on
Password or Administrator Username. cycle. The system configuration stays the same after the
reboot cycle completes. Any changes that have not been
• New Password Enter the new password for the
applied are lost.
administrator account. airOS will indicate that the
password is Too Short if it has fewer than eight Reset to Factory Defaults Click Reset... to reset the
characters. As you enter the new password, airOS will device to the factory default settings. This option will
indicate its strength: Weak, Normal, or Strong. reboot the device, and all factory default settings will be
restored. We recommend that you back up your current
Note: The password length is 4 characters system configuration before resetting the device to its
minimum and 63 characters maximum; we defaults.
recommend using at least 8 characters.
Back Up Configuration Click Back Up Configuration to
• Verify New Password Re-enter the new password for download the current system configuration file.
the administrator account.
Note: We strongly recommend that you save the
• Change Click Change to save the new password. configuration file in a secure location because
• Cancel Click Cancel to discard the new password. the configuration file includes confidential
Read-Only Account Select this option to create a read- information, such as WPA2 keys in plain text.
only user account. Then, enter the following information: Upload Configuration Click Upload Configuration to
• Read-Only Account Name Enter the account name. locate the new configuration file. Select the file and click
Open to upload the file. We recommend that you back up
• Change Read-Only User Password Click Change to set
your current system configuration before uploading the
or change the read-only account password. Enter the
new configuration.
new password, enter it again to verify, and click Change
to save or Cancel to exit without saving. Note: Use only configuration files for the same
type of the device. Behavior may be unpredictable
if you mix configuration files from different types
of devices. (For example, upload an R5AC-Lite
configuration file to an R5AC-Lite; do NOT upload
an R5AC-Lite configuration file to an R5AC-PTP.)

Chapter 6: System airOS v8 User Guide
The uploaded configuration file is displayed. You have two

options:
• Apply Click Apply to confirm. After the device reboots,
the settings of the new configuration are displayed in
the web management interface.
• Discard Click Discard to cancel.
Download Support Info Click Download Support Info
to generate and download a support information file
that Ubiquiti support engineers can use when providing
customer support. This file only needs to be generated at
their request.

airOS v8 User Guide Chapter 7: airMagic
Chapter 7: airMagic • Selected Channel This is the currently selected

channel.
Note: The airMagic tool is available only if the • Carrier Frequency This indicates the carrier
Wireless Mode is set to an AP mode. For information frequency of the selected channel.
on the Wireless Mode, refer to “Wireless Mode” on • Select Channel Width The list of available channel
page 13. widths (determined by the Wireless Mode setting; for
details, see “Channel Width” on page 15). The
The airMagic page displays the airMagic tool. Using a
highlight indicates the current channel width setting
dedicated co-processor, airOS 8 collects network-wide
(specified by the Channel Width option in Settings >
RF metrics to make real-time scheduling decisions.
Wireless). The channel width information includes:
airMagic provides system-based spectrum analysis and
recommends the top three channels based on spectral • Channel The width of the channel in MHz
efficiency, capacity, and remote/local RF environment • Max Spectral Efficiency The channel’s maximum
reporting. spectral efficiency expressed as Mbps/MHz.
• Max Capacity A bar graph showing the maximum
airMagic Display capacity of the channel.
The airMagic page displays channel information on the
The right side of the window displays the following:
left, and spectral analysis information on the right. The left
side of the window displays the following:
• Active Channel Blue cross-hatching indicates the

currently active channel.
• Restricted White cross-hatching indicates restricted

channels (determined by your country code).

Chapter 7: airMagic airOS v8 User Guide
• DFS Dynamic Frequency Selection (DFS) frequencies Using airMagic

are indicated by magenta.
Follow these instructions to use airMagic:
1. If the airMagic page is not displayed, click the icon in
the navigation bar on the left of the interface.
• Average Power Shows how to interpret the colors 2. The airMagic page appears. Wait for airMagic to make
in the display. Red indicates the highest interference its calculations; when done, it displays its results.
levels; blue indicates the lowest interference levels.
3. If you want to change the channel width (the current
channel width is highlighted on the left side of the
window), select the new channel width now.
• AP A graphical representation of the spectrum usage Note: In general, a smaller channel size is
near the AP. preferable, since it yields better spectral efficiency
for higher-capacity data networks while also
scaling better, allowing for more co-located
networks.
• CPE A graphical representation of the spectrum 4. On the right side of the window, airMagic identifies the
usage near each CPE device in the network (the three channels that it has determined to be the best. To
devices are numbered consecutively starting select one of these channels, click its tag and click Save
from 1). If you position the cursor over a particular Changes.
CPE, airMagic displays the following information 5. The Access Point will now have the new channel
for the CPE: MAC, Model, Name, Last IP, Signal settings.
TX/RX, Connection Time, and Distance. If a CPE is Depending on their settings, the stations may become
disconnected, the CPE’s row becomes gray. disconnected. If this happens, modify the channel settings
on the stations to allow them to reconnect to the AP.
Note: A station will remain connected only if its
Channel Width is set to either Auto 20/40/80 MHz
(Station PTP mode) or Auto 20/40 MHz (Station
PTMP mode) and the AP’s new channel width is
one of the Auto channel widths.
• Tags above the spectral display identify the three

channels that airMagic has determined to be the
best based on spectral efficiency, capacity, and
remote/local RF environment reporting. Tags are
labeled with the channel’s carrier frequency and
aggregate spectral efficiency in Mbps/MHz. Place the
cursor over a tag to highlight the channel. Click the
tag to select the channel (it will be displayed as the
Selected Channel on the left side of the window).

airOS v8 User Guide Chapter 8: Tools and Information
Chapter 8: Tools and airView

The airView® Spectrum Analyzer allows you to identify
Information noise signatures so you can plan your wireless network to
optimize RF performance and minimize interference.
Each page of the airOS interface contains the icon
which provides links to tools and information. The icon is airView constantly monitors RF environmental noise and
found near the upper-right corner of the window. displays energy data points in multiple spectral views at a
rapid frame rate.
When you click the following list of network
administration and monitoring tools is displayed: Powered by a second, dedicated radio, airView runs 100%
in the background without disabling the wireless link.
• “airView” on page 43
• “Alignment” on page 45
• “Discovery” on page 45
• “Site Survey” on page 46
• “Ping” on page 46
• “Traceroute” on page 47
• “Speed Test” on page 47
Click near the bottom-left corner of any window to
display log information (refer to “Log” on page 48).

Chapter 8: Tools and Information airOS v8 User Guide
Use the controls in the upper-right corner to maximize or Waterfall View

close the airView window.
You can place the cursor at a specific frequency to
highlight that frequency across the three spectral views,
each of which represents different data.
This time-based graph shows the aggregate energy

collected since the start of the airView session for each
frequency. The power of the energy (in dBm) is displayed
across the frequency span, and a new row is inserted every
few seconds.
The energy color designates the amplitude (or strength)
of the signal. Cooler colors represent lower energy
levels (with blue representing the lowest levels) in that
frequency bin, and warmer colors (yellow, orange, or red)
represent higher energy levels in that frequency bin.
The legend at the top-right corner provides a numerical
guide associating the various colors to power levels (in
dBm). The low end of that legend (left) is always adjusted
to the calculated noise floor, and the high end (right) is set
to the highest detected power level since the start of the
airView session.
These are the three views:
• “Waveform View” on page 44 Ambient Noise Level
• “Waterfall View” on page 44
• “Ambient Noise Level” on page 44
Waveform View
This activity-based graph shows the aggregate energy

collected since the start of the airView session. The power
of the energy (in dBm) is shown across the frequency span. This time-based graph shows the ambient energy (in dBm)
Cooler colors (such as blue and darker colors) represent per minute or per hour as a function of frequency. Select
energy of a specific strength and frequency appearing Minute Peak (default) or Hour Average to set the time
at a relatively low occurrence rate, whereas increasingly interval. The graph initially shows data for the most recent
warmer colors (from green to yellow to orange to red) minute or hour, as shown by the first graph above. Data
represent energy of a specific strength and frequency for each subsequent minute or hour is added to the graph
appearing at a higher rate of occurrence. until there are 24 minutes or 24 hours of data, as shown by
the second graph above. After that, only the most recent
Note: Energy is the power ratio in decibels (dB) of the
24 minutes or 24 hours are shown.
measured power referenced to one milliwatt (mW).
The energy color designates the amplitude (or strength) of
The spectral view over time essentially displays the steady- the ambient noise. Cooler colors represent lower energy
state RF energy signature of a given environment. levels (with blue representing the lowest levels) in that
The legend at the top-right corner provides a numerical frequency bin, and warmer colors (yellow, orange, or red)
guide associating the various colors to probability levels, represent higher energy levels in that frequency bin.
from 0 (least likely to occur) to 1 (most likely to occur). The legend at the top-right corner provides a numerical
guide associating the various colors to power levels
(in dBm).

Alignment Discovery
Use this tool to point and optimize the antenna in the The Device Discovery tool searches for all Ubiquiti devices
direction of maximum link signal. The Antenna Align Tool on your network.
window reloads every second.
Signal Level Displays the signal strength of the last

received packet.
Search As you enter keywords, the Search field
• Current Signal Displays the current signal level. automatically filters the device results.
• Max Signal Reached Displays the maximum signal The Device Discovery tool reports the following for each
level reached. result:
Chain Displays the wireless signal level (in dBm) of each MAC Address Displays the MAC address or hardware
chain, if there is more than one chain. (The number of identifier of the device.
chains is device-specific.)
Device Name Displays the hostname or identifier of the
• Current Signal Displays the current signal level of the device.
chain.
Mode Displays the operating mode of the wireless device,
• Max Signal Reached Displays the maximum signal AP or STA (Station).
level reached by the chain.
SSID Displays the wireless network name.
Max Signal Displays the maximum signal strength
Product Displays the product name.
(in dBm). Use the slider to adjust the range of the Signal
Level and Chain meters to be more sensitive to signal Firmware Displays the version number of the device’s
fluctuations (it changes an offset of the maximum firmware.
indicator value). IP Address Displays the IP address of the device.
Audio Indicator Enabling the audio option allows a To access a device configuration through its web
technician to align the antenna of an airMAX ac device management interface, click the device’s IP address.
without looking at the airOS Configuration Interface. The Scan To refresh the device discovery results, click Scan.
higher the pitch, the stronger the signal strength. Each
rise in pitch correlates to an increase in the received signal
level.

Site Survey Ping

The Site Survey tool searches for wireless networks in range You can ping other devices on the network directly from
on all supported frequencies. the device. The Ping tool uses Internet Control Message
Protocol (ICMP) packets to check the preliminary link
quality and packet latency estimation between two
network devices.
Scanned Frequencies Displays the scanned frequencies

list. In Station PTP or Station PTMP mode, you can edit this Select Destination IP You have two options:
list; for details, see “Control Frequency Scan List, MHz” • Select a remote system IP from the drop-down list,
on page 15. which is generated automatically.
Graphical View Displays a graphical view of the signal • Select specify manually and enter the IP address in the
strength in dBm for each connected device. field displayed below.
Search As you enter keywords, the Search field Click the icon to refresh the list of remote system IP
automatically filters the device results. addresses.
The Site Survey tool reports the following for each result: Packet Count Enter the number of packets to send for
MAC Address Displays the MAC address of the wireless the ping test.
interface of the device. Packet Size Enter the size of the packet.
SSID Displays the wireless network name. Start Click Start to start the test.
Device Name Displays the hostname or identifier of the After the test is completed, the Ping tool reports the
device. following information for each packet sent:
Radio Mode Displays the technology used by the device, Host Displays the IP address of the remote host.
airMAX AC for airMAX ac devices.
Time Displays the round-trip time in ms.
Encryption Displays the encryption method, WPA2 or
NONE. TTL Displays the Time To Live (TTL), the number of hops
allowed before the ping test fails.
Signal/Noise, dBm Displays the signal strength and noise
values. Results The Ping tool reports packet loss statistics and
round-trip time evaluation:
Frequency, GHz Displays the frequency used by the
device. • Packet Loss Displays the percentage of packets lost
and number of packets received.
Scan To refresh the site survey results, click Scan.
• Min Displays the minimum round-trip time in ms.
• Avg Displays the average round-trip time in ms.
• Max Displays the maximum round-trip time in ms.

Traceroute Select Destination IP You have two options:

The Traceroute tool traces the hops from the device to a • Select a remote system IP from the drop-down list,
specified destination host name or IP address. Use this which is generated automatically.
tool to find the route taken by ICMP packets across the • Select specify manually and enter the IP address in the
network to the destination host. field displayed below.
Click the icon to refresh the list of remote system IP
addresses.
Remote WEB port Enter the remote web port of the
airOS device to establish a TCP/IP-based throughput test
(for example, specify port 443 if HTTPS is enabled on the
remote device). The default is 80.
User Enter the administrator username.
Note: Enter the remote system access credentials
required for communication between two airOS
devices. Administrator username and password
are required to establish the TCP/IP-based
Destination Host Enter the host name or IP address of throughput test.
the destination host.
Password Enter the administrator password.
Resolve IP Addresses Select this option to resolve
and print hop IP addresses symbolically rather than Direction Select one of three directions:
numerically. • duplex Estimates the incoming (RX) and outgoing (TX)
Start Click Start to start the test. throughput at the same time.
After the test is completed, the Traceroute tool reports the • receive Estimates the incoming (RX) throughput.
following information for each hop: • transmit Estimates the outgoing (TX) throughput.
# Displays the hop number. Duration Enter the number of seconds the test should
Host Displays the hostname, identifier, or IP address of last. The default is 30 seconds.
the hop host. Start Click Start to start the test.
IP Displays the IP address of the hop host. The results are displayed on a speedometer dial and in five
Response Displays the round-trip times from the device result categories:
to the hop host. There are three packets sent per hop, so
there should be three round-trip times displayed. If there
is no response from the hop host within the timeout
interval of 5 seconds, “*” is displayed.
Speed Test
This utility allows you to test the connection speed
between two airOS 8 devices. You can use the Speed Test
tool to estimate a preliminary throughput between two
network devices.
Note: If traffic shaping is enabled on either
device, then the Speed Test results will be limited Avg RX Displays the estimated average of incoming
accordingly. throughput.
Avg TX Displays the estimated average of outgoing
throughput.
Avg Total Displays the estimated average of aggregate
throughput.
Max RX Displays the maximum of incoming throughput.
Max TX Displays the maximum of outgoing throughput.

Log
Click at the bottom left corner of the page to open the
System Log window, which provides a record of events on
the system.
Click Refresh to update the display with the most recent

information. To clear the system log, click Clear, and then
click Yes to verify.

airOS v8 User Guide Appendix A: Contact Information
Appendix A: Contact
Information
Ubiquiti Networks Support
Ubiquiti Support Engineers are located around the world
and are dedicated to helping customers resolve software,
hardware compatibility, or field issues as quickly as
possible. We strive to respond to support inquiries within
a 24-hour period.
Ubiquiti Networks, Inc.
2580 Orchard Parkway
San Jose, CA 95131
www.ubnt.com
Online Resources
Support: ubnt.link/airMAX-Support
Community: ubnt.link/airMAX-ac-Blog
Downloads: downloads.ubnt.com/airmax-ac
AI041516

www.ubnt.com
©2016 Ubiquiti Networks, Inc. All rights reserved. Ubiquiti, Ubiquiti Networks, the Ubiquiti U logo, the Ubiquiti beam logo, airMagic, airMAX, airOS, airView,
LiteBeam, NanoBeam, PowerBeam, and Rocket are trademarks or registered trademarks of Ubiquiti Networks, Inc. in the United States and in other countries.
WPA and WPA2 are trademarks of the Wi-Fi Alliance. All other trademarks are the property of their respective owners.

Operating System For Ubiquiti Airmax Ac Series Products Release Version: 8

Uploaded by

Document Informationclick to expand document informationUbiquity airOS_8_UG_V02

Document Informationclick to expand document information

Copyright:

Available Formats

Operating System For Ubiquiti Airmax Ac Series Products Release Version: 8

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Operating System For Ubiquiti Airmax Ac Series Products Release Version: 8

Uploaded by

Copyright:

Available Formats

Operating System for Ubiquiti®

airMAX® ac Series Products

Ubiquiti Networks, Inc. i

Chapter 8: Tools and Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Appendix A: Contact Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

ii Ubiquiti Networks, Inc.

Chapter 1: Overview • Comprehensive Array of Diagnostic Tools, including RF

Ubiquiti Networks, Inc. 1

If the authenticity of the Ubiquiti product cannot be

2 Ubiquiti Networks, Inc.

Ubiquiti Networks, Inc. 3

4 Ubiquiti Networks, Inc.

Chapter 2: Main Memory Displays the percentage of memory currently

Ubiquiti Networks, Inc. 5

ARP Table Interface Displays the network interface (bridge

IP Address Displays the IP address assigned to a network

Ubiquiti Networks, Inc. 7

Firewall Port forwarding allows you to connect to a specific service

8 Ubiquiti Networks, Inc.

Wireless of these modes at a time. For example, if the device is

Ubiquiti Networks, Inc. 9

10 Ubiquiti Networks, Inc.

This section displays the isolated or average capacity, or

Ubiquiti Networks, Inc. 11

12 Ubiquiti Networks, Inc.

Basic Wireless Settings

Note: All airMAX M Series devices must use airOS 6

Ubiquiti Networks, Inc. 13

14 Ubiquiti Networks, Inc.

Ubiquiti Networks, Inc. 15

WPA Preshared Key Specify a passphrase. The preshared

16 Ubiquiti Networks, Inc.

EAP Type Select the authentication protocol (EAP-TTLS

Ubiquiti Networks, Inc. 17

Aggregation Frames This option allows the device to

18 Ubiquiti Networks, Inc.

Chapter 4: Network • Router The device contains two networks or subnets:

Ubiquiti Networks, Inc. 19

Router mode: Configuration Mode

20 Ubiquiti Networks, Inc.

Management Network Settings Note: In Bridge mode, the gateway IP address

Ubiquiti Networks, Inc. 21

WAN Network Settings Block Management Access To block device management

• DMZ IP Enter the IP address of the local host network

22 Ubiquiti Networks, Inc.

Static DMZ DMZ (Demilitarized Zone) specifically allows one

Management Method Management Port

Ubiquiti Networks, Inc. 23

Management Method Management Port

Username Enter the username to connect to the PPPoE SSH 22 TCP

24 Ubiquiti Networks, Inc.

-- Range Start, Range End Determines the range of IP

Ubiquiti Networks, Inc. 25

26 Ubiquiti Networks, Inc.

VLAN Network Bridge Network

VLAN ID Displays the VLAN identifier.

Ubiquiti Networks, Inc. 27