List of devices we use and links to standard configs and firmware
This doc is in progress. Please add links below to the specific config instructions
What is immediately needed is an SXTsq VPN kiosk client config
We also need a simple way to log into cpe through a omnitik or edgepoint BGP config
SN1 clients need to have an IP address assigned 192.168.42.xxx SN2+ and hub clients use DHCP for the IP address and use WPA password:nycmeshnet
LiteAC / LBE120 Sector
- SN and Hub
- Simple hub
- Dan Grinkevich image (qMp/bmx6/tinc)
- Joachim’s image (LEDE/bmx6)
TP-Link N300 (TL-WR841N)
All Supernodes and hubs apart from SN1 use the same sn2.cfg. Supernode 1 has a slightly different config (sn1.cnf) and it also needs an assigned IP address.
Plug in LiteBeam to POE and connect via management wifi- SSID- "LBE-5AC-Gen2:...." or "NBE..." (booting turns on wifi for 15 minutes)
Go to https://192.168.172.1 in your browser, click "advanced" to proceed.
Log in with username: ubnt and password: ubnt for a new device (or select upload config!)
Go to Settings>System and select "upload firmware" and choose the WA .bin file you downloaded before
While still in System, scroll down to "upload configuration" and select sn1.cfg or sn2.cfg file you downloaded before
Change the "nn" device name from lbe-nycmesh-nn to your node number e.g. lbe-nycmesh-1234
For SN1 only, Go to Network and change the management IP address (192.168.1.20) to the assigned IP address we have given you (192.168.42.xxx)
Click save (twice if necessary)
To pair with the supernode or hub, go to Settings>Wireless and click the SSID "SELECT..." button. This will do a scan. Click the button next to the best AirMac AC signal. (-80 is bad, -50 is good) Click "SELECT" and then "SAVE CHANGES"
For SN2+ and hubs, once this device pairs (numbers appear on dashboard) it will get a different management IP address using DHCP. To stay logged in to router, you must use the management wifi!
To disconnect from the LiteBeam dashboard and do a bandwidth test, connect via ethernet and set your network settings to "DHCP" (or "Automatic") and go to speedtest
Troubleshooting: If you are unable to log into the LiteBeam, reset it to factory defaults- press and hold the Reset button for more than 10 seconds while the LiteBeam ac is already powered on.
The following works with a new SXTsq or a reset SXTsq. You must have the "International" version. To reset an SXTsq, hold the reset button for about 5 seconds while the unit is booting and release as soon as one of the lights begins to flash.
Connect to the SXTsq via ethernet and DHCP. You will get a 192.168.88.xxx address
In the terminal
Say 'yes' to the warning and paste this-
/interface wireless security-profiles add authentication-types=wpa-eap,wpa2-eap eap-methods=eap-ttls-mschapv2 group-ciphers=tkip,aes-ccm mode=dynamic-keys mschapv2-password=5fsOpxER firstname.lastname@example.org name=linknyc email@example.com tls-mode=dont-verify-certificate unicast-ciphers=tkip,aes-ccm /interface wireless set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee country="united states2" default-authentication=no disabled=no frequency=auto security-profile=linknyc ssid="LinkNYC Private" wireless-protocol=802.11 /interface wireless connect-list add interface=wlan1 security-profile=linknyc ssid="LinkNYC Private" wireless-protocol=802.11
This script automatically connects the SXTsq to the private LinkNYC Kiosk channel. No login is required.
Lots of requests for this!
Assign a static IP to the computer you connect from
IP address: 192.168.88.5
subnet mask: 255.255.255.0
press the reset button WHILE powering on the unit by plugging in the POE cable.
Once one of the LEDs begins to flash white/blue (about 5 seconds), release reset button while it's flashing. After one minute the device will be ready
Connect to GUI
open your browser and connect to http://192.168.88.1/
default username: admin
default password: (leave empty)
Click the button that says "Webfig" in the top right
Name the device
system > identity
"n--". So if your node id is 1000, your device name could be: n1000-sxt-0
Set a password
System > password
IMPORTANT: You must use a unique and strong (at least 8 characters, the longer the better) password to ensure the security of your device!
IP > Services
- Disable telnet
- Disable ftp
- Consider disabling the api and winbox services if you will not be using them.
Other security precautions to consider https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router
IP > firewall
Find and disable this input rule:
;;; defconf: drop all not coming from LAN
- add new
set Protocol Mode to "none"
- hit apply and OK
IP > DHCP Server
disable by clicking the small [D] button
IP > DHCP Client
- change Interface to bridge1
- hit apply and OK
Wireless > security profiles (tab)
uncheck wpa psk
leave wpa2 psk checked
write in wpa2 Pre-Shared-Key field: nycmeshnet
apply and ok
Wireless > wlan1
Set mode to station-bridge
Set SSID of the hub you want to connect to e.g. nycmesh-xxx
Set channel width to 20/40/80MHz XXXX
Set frequency to auto
Set security profile to nycmeshnet
(below only if you have SXT international version)
Click Advanced Mode button at top
Scroll down and set country drop down to united states
When all settings are correct and the station connects the status should change from "searching for network" to "connected to ess".
Bridge > Ports
Add new, set interface to ether1, set bridge to bridge1
Add new, set interface to wlan1, set bridge to bridge1
IP > Addresses
- Add new, set address to 192.168.88.1/24 set interface to bridge1
- Delete entry 192.168.88.1/24 on interface ether1
Change your computer network settings back to automatic or DHCP
(Note you must be connected to the access point to proceed beyond this point)
Access GUI via routable IP address
Use the name you used for your device, plus the name of the access point to generate the correct URL. For example if your node id is 1000 and the hub id is 500, the URL would be:
Update (2 step process)
- system > packages
- enable ipv6
- update / reboot
- system > routerboard > update