-
Notifications
You must be signed in to change notification settings - Fork 19
WiFi
Welcome to the WiFi tutorials. This page provides information on wireless connectivity of Microchip 802.11 drivers.
The wireless tool, iw is the basic tool for wireless drivers based on nl80211. It allows a user to scan access points, get the information on wlan0, and connect to an open network or WEP protected network. The most common uses are:
iw dev: lists all network interfaces for wireless hardware.
iw wlan0: link: shows connection status.
iw wlan0 info: shows information for this interface.
iw wlan0 scan: scans access points.
iw wlan0 connect ssid: connects to an open network.
iw wlan0 connect ssid key 0:1122334455: connects to the WEP protected network.
A list networks with information on e.g. ssid, wps and signal levels will be shown when the scan is completed.
$ iw wlan0 scan
BSS 00:26:66:23:05:a4(on wlan0)
TSF: 2810549005 usec (0d, 00:46:50)
freq: 2452
beacon interval: 100 TUs
capability: ESS Privacy ShortSlotTime APSD (0x0c11)
signal: -59.00 dBm
last seen: 0 ms ago
Information elements from Probe Response frame:
SSID: DEMO_AP
Supported rates: 1.0* 2.0* 5.5* 11.0* 9.0 18.0 36.0 54.0
DS Parameter set: channel 9
Extended supported rates: 6.0 12.0 24.0 48.0
Country: KR Environment: Indoor/Outdoor
Channels [1 - 13] @ 16 dBm
WPS: * Version: 1.0
* Wi-Fi Protected Setup State: 2 (Configured)
* UUID: 28802880-2880-1880-a880-0026662305a4
* RF Bands: 0x1
...
Connects to an unprotected network that was found during the scan. In this case, for example, the ssid is DEMO_AP.
$ iw wlan0 connect DEMO_AP
The following command will display the link status. If not connected, Not connected is shown. It should be noted that if the network is disconnected due to any issues, the connection command should be reissued by a user. The wpa_supplicant will automatically try to reconnect to networks when the connection is lost.
$ iw wlan0 link
Connected to 00:26:66:23:05:a4 (on wlan0)
SSID: DEMO_AP
freq: 2452
signal: -61 dBm
tx bitrate: 36.0 MBit/s
The iw tool dosen't support to connect to WPA/WPA2 protected networks. Note that wpa_supplicant supports WPA/WPA2 protected networks.
$ iw wlan0 connect DEMO_AP key 0:112234455
To disconnect from the AP that the station is connected, issue the following command:
$ iw wlan0 disconnect
To get station statistic information such as the amount of tx/rx bytes, signal and tx bitrate, issue the following command:
$ iw dev wlan0 station dump
Station 12:34:56:78:9a:bc (on wlan0)
inactive time: 304 ms
rx bytes: 18816
rx packets: 75
tx bytes: 5386
tx packets: 21
signal: -29 dBm
tx bitrate: 54.0 MBit/s
wpa_supplicant is a userspace daemon that runs in the background and acts as the backend component controlling the wireless connection. wpa_cli is a text-based frontend program for interacting with wpa_supplicant. The followings are command line options:
usage:
wpa_supplicant [-BddfhKLqqtuvwW] [-P<pid file>] [-g<global ctrl>] \
[-G<group>] \
-i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] [-p<driver_param>] \
[-b<br_ifname> [-N -i<ifname> -c<conf> [-C<ctrl>] [-D<driver>] \
[-p<driver_param>] [-b<br_ifname>] [-m<P2P Device config file>] ...
options:
-b = optional bridge interface name
-B = run daemon in the background
-c = Configuration file
-C = ctrl_interface parameter (only used if -c is not)
-i = interface name
-d = increase debugging verbosity (-dd even more)
-D = driver name (can be multiple drivers: nl80211,wext)
-f = Log output to default log location (normally /tmp)
-g = global ctrl_interface
-G = global ctrl_interface group
-K = include keys (passwords, etc.) in debug output
-t = include timestamp in debug messages
-h = show this help text
-L = show license (BSD)
-p = driver parameters
-P = PID file
-q = decrease debugging verbosity (-qq even less)
-u = enable DBus control interface
-v = show version
-w = wait for interface to be added, if needed
-W = wait for a control interface monitor before starting
-N = start describing new interface
-m = Configuration file for the P2P Device
drivers:
nl80211 = Linux nl80211/cfg80211
wext = Linux wireless extensions (generic)
wired = wpa_supplicant wired Ethernet driver
roboswitch = wpa_supplicant Broadcom switch driver
bsd = BSD 802.11 support (Atheros, etc.)
ndis = Windows NDIS driver
For the Microchip wireless drivers, start wpa_supplicant daemon in the background.
wpa_supplicant -B -iwlan0 -Dnl80211 -c/etc/wpa_supplicant.conf
For more debugging log, start the daemon with debugging option enabled.
wpa_supplicant -d -iwlan0 -Dnl80211 -c/etc/wpa_supplicant.conf
wpa_supplicant is configured using a text file that lists all accepted networks and security policies, including pre-shared keys. See here for the detailed features and options in wpa_supplicant configuration file. For the simplest use, the configuration file includes the followings:
ctrl_interface=/var/run/wpa_supplicant
update_config=1
The configuration file can include one or more network blocks. wpa_supplicant will automatically select the best network based on the order of network blocks in the configuration file, network security level, and signal strength.
ctrl_interface=/var/run/wpa_supplicant
network={
ssid="<my_ssid>"
scan_ssid=1
key_mgmt=WPA-PSK
psk="<passphrase>"
}
wpa_cli is a text-based frontend program for interacting with wpa_supplicant. It is used to query current status, change configuration, trigger events, and request interactive user input. The followings are wpa_cli commands:
wpa_cli commands
status = get current WPA/EAPOL/EAP status
mib = get MIB variables (dot1x, dot11)
help = show this usage help
interface [ifname] = show interfaces/select interface
level <debug level> = change debug level
license = show full wpa_cli license
logoff = IEEE 802.1X EAPOL state machine logoff
logon = IEEE 802.1X EAPOL state machine logon
set = set variables (shows list of variables when run without arguments)
pmksa = show PMKSA cache
reassociate = force reassociation
reconfigure = force wpa_supplicant to re-read its configuration file
preauthenticate <BSSID> = force preauthentication
identity <network id> <identity> = configure identity for an SSID
password <network id> <password> = configure password for an SSID
pin <network id> <pin> = configure pin for an SSID
otp <network id> <password> = configure one-time-password for an SSID
passphrase <network id> <passphrase> = configure private key passphrase
for an SSID
bssid <network id> <BSSID> = set preferred BSSID for an SSID
list_networks = list configured networks
select_network <network id> = select a network (disable others)
enable_network <network id> = enable a network
disable_network <network id> = disable a network
add_network = add a network
remove_network <network id> = remove a network
set_network <network id> <variable> <value> = set network variables
(shows list of variables when run without arguments)
get_network <network id> <variable> = get network variables
save_config = save the current configuration
disconnect = disconnect and wait for reassociate command before connecting
scan = request new BSS scan
scan_results = get latest scan results
get_capability <eap/pairwise/group/key_mgmt/proto/auth_alg> = get capabilies
terminate = terminate wpa_supplicant
quit = exit wpa_cli
wpa_cli command line options
wpa_cli [-p<path to ctrl sockets>] [-i<ifname>] [-hvB] [-a<action file>] \
[-P<pid file>] [-g<global ctrl>] [command..]
-h = help (show this usage text)
-v = shown version information
-a = run in daemon mode executing the action file based on events from
wpa_supplicant
-B = run a daemon in the background
default path: /var/run/wpa_supplicant
default interface: first interface found in socket path
Make sure running the wpa_supplicant in the background before setting networks with wpa_cli.
# wpa_supplicant -B -Dnl80211 -iwlan0 -c /etc/wpa_supplicant.conf
# wpa_cli -iwlan0 scan
# wpa_cli -iwlan0 scan_results
bssid / frequency / signal level / flags / ssid
a4:93:4c:b1:9c:ee 2437 -35 [WPA-EAP-TKIP+CCMP][WPA2-EAP-TKIP+CCMP][ESS]Cisco
00:26:66:c6:0f:fe 2462 -35 [WPA-PSK-CCMP][WPA2-PSK-CCMP][WPS][ESS] NW11
00:26:66:23:05:a4 2432 -40 [WPA2-PSK-CCMP][WPS][ESS] DEMO_AP
68:86:a7:7f:6d:70 2437 -41 [WPA-PSK-TKIP][ESS] AVRGUEST
90:9f:33:1c:47:e6 2472 -42 [WPA2-PSK-CCMP][WPS][ESS] actest
64:e5:99:a4:e1:8c 2432 -43 [WPA-PSK-CCMP][WPA2-PSK-CCMP][WPS][ESS] NW03
94:63:d1:06:52:b6 2412 -49 [WPA-PSK-TKIP+CCMP][ESS] atmel
64:e5:99:62:36:f4 2462 -50 [WPA-PSK-CCMP][WPA2-PSK-CCMP][WPS][ESS] NW01
00:26:66:23:05:a5 2432 -39 [WEP][ESS] DEMO_WEP
00:26:66:c6:00:2a 2417 -42 [WPS][ESS] con_system
f8:f0:05:20:af:4f 2437 -54 [ESS] FB03-PUFFY-AF4F
The configuration file has many options, and the followings are the most common options:
mode: IEEE 802.11 operation mode
0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
1 = IBSS (ad-hoc, peer-to-peer)
2 = AP (access point)
auth_alg: list of allowed IEEE 802.11 authentication algorithms
OPEN = Open System authentication (required for WPA/WPA2)
SHARED = Shared Key authentication (requires static WEP keys)
LEAP = LEAP/Network EAP (only used with LEAP)
If not set, automatic selection is used (Open System with LEAP enabled if
LEAP is allowed as one of the EAP methods).
key_mgmt: list of accepted authenticated key management protocols
WPA-PSK = WPA pre-shared key (this requires 'psk' field)
WPA-EAP = WPA using EAP authentication
IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
generated WEP keys
NONE = WPA is not used; plaintext or static WEP could be used
WPA-PSK-SHA256 = Like WPA-PSK but using stronger SHA256-based algorithms
WPA-EAP-SHA256 = Like WPA-EAP but using stronger SHA256-based algorithms
If not set, this defaults to: WPA-PSK WPA-EAP
Add network and assign an index number to a new network for the specified interface. The command, set_network will use this index to configure all of things. This command will return zero as the index number if no network was connected yet:
# wpa_cli -iwlan0 add_network
Set IEEE 802.11 operation mode:
# wpa_cli -iwlan0 set_network 0 mode 0
Set authentication algorithms:
# wpa_cli -iwlan0 set_network 0 auth_alg OPEN
Set authenticated key management protocols:
# wpa_cli -iwlan0 set_network 0 key_mgmt NONE
Set the SSID (in this case, the ssid is con_system) to be connected:
# wpa_cli -iwlan0 set_network 0 ssid '"con_system"'
Enable the selected network:
# wpa_cli -iwlan0 enable_network 0
Check the link status with iw command:
# iw wlan0 link
Connected to 00:26:66:c6:00:2a (on wlan0)
SSID: con_system
freq: 2417
DBG [nmi_wlan_cfg_get: 2194][NMI]Get Response received
*** stats[-23][149][7][1][720]
signal: -23 dBm
tx bitrate: 72.0 MBit/s
Check the link status with wpa_cli:
# wpa_cli -iwlan0 status
bssid=00:26:66:c6:00:2a
ssid=con_system
id=0
mode=station
pairwise_cipher=NONE
group_cipher=NONE
key_mgmt=NONE
wpa_state=COMPLETED
address=00:80:c2:5e:a2:ff
To obtain IP address, issue the following command.
# dhcpcd -iwlan0 &
WEP (Wired Equivalent Privacy) is a security algorithm for IEEE 802.11 wireless networks. The standard 64-bit WEP key is entered as a string of 10 hexadecimal characters (0-9 and A-F), and also as 5 ASCII characters (0-9, a-z, A-Z). The 128-bit WEP protocol was introduced to tighten up security and the key is entered as a string of 26 digit key of hexadecimal characters , 13 ASCII characters. There are two methods of authentication for WEP: open system and shared key authentication.
-
Open system authentication: the client doesn't need to provide its credentials to the access point during authentication. Any client can authenticate with the access point and then attempt to associate. The clients should have the correct keys defined in the access point to encrypt the data frames.
-
Shared key authentication: the clients authenticate with the access point with WEP key. The client sends an authentication request to the access point. The access point replies with a plaintext challenge. The client encrypts the challenge text using the pre-shared WEP key, and sends it back with another authentication request. Then the access point de-crypts the response, and if it matches, the client authenticates and associates with the access point.
The following shows how to connect to the access point secured with open WEP 64bit (Assume that the SSID is con_system and WEP key is 1122334455).
# wpa_cli -iwlan0 add_network
# wpa_cli -iwlan0 set_network 0 mode 0
# wpa_cli -iwlan0 set_network 0 auth_alg OPEN
# wpa_cli -iwlan0 set_network 0 key_mgmt NONE
# wpa_cli -iwlan0 set_network 0 wep_key0 1122334455
# wpa_cli -iwlan0 set_network 0 ssid '"con_system"'
# wpa_cli -iwlan0 enable_network 0
Check the link status with wpa_cli:
# wpa_cli -iwlan0 status
bssid=00:26:66:c6:00:2a
ssid=con_system
id=0
mode=station
pairwise_cipher=WEP-40
group_cipher=WEP-40
key_mgmt=NONE
wpa_state=COMPLETED
address=00:80:c2:5e:a2:ff
To obtain IP address, issue the following command.
# dhcpcd -iwlan0 &
The WPA/WPA2 was introduced because the authentication with either open system or shared key WEP is seriously weak. The WPA was an intermediate measure to take over the WEP security, and then it has been replaced by WPA2 also.
To connect WPA network (SSID: con_system and passphrase: 12345678):
# wpa_cli -iwlan0 add_network
# wpa_cli -iwlan0 set_network 0 mode 0
# wpa_cli -iwlan0 set_network 0 auth_alg OPEN
# wpa_cli -iwlan0 set_network 0 key_mgmt WPA-PSK
# wpa_cli -iwlan0 set_network 0 psk '"12345678"'
# wpa_cli -iwlan0 set_network 0 ssid '"con_system"'
# wpa_cli -iwlan0 enable_network 0
psk: WPA preshared key; 256-bit pre-shared key
Check the link status:
# wpa_cli -iwlan0 status
bssid=00:26:66:c6:00:2a
ssid=con_system
id=0
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA-PSK
wpa_state=COMPLETED
address=00:80:c2:5e:a2:ff
To connect WPA2 network (SSID: con_system and passphrase: 12345678):
# wpa_cli -iwlan0 add_network
# wpa_cli -iwlan0 set_network 0 mode 0
# wpa_cli -iwlan0 set_network 0 auth_alg OPEN
# wpa_cli -iwlan0 set_network 0 key_mgmt WPA-PSK
# wpa_cli -iwlan0 set_network 0 proto RSN
# wpa_cli -iwlan0 set_network 0 psk '"12345678"'
# wpa_cli -iwlan0 set_network 0 ssid '"con_system"'
# wpa_cli -iwlan0 enable_network 0
proto: list of accepted protocols
WPA = WPA/IEEE 802.11i/D3.0
RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
If not set, this defaults to: WPA RSN
Check the link status:
# wpa_cli -iwlan0 status
bssid=00:26:66:c6:00:2a
ssid=con_system
id=0
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2-PSK
wpa_state=COMPLETED
address=00:80:c2:5e:a2:ff
To obtain IP address, issue the following command.
# dhcpcd -iwlan0 &
This page introduces the hostapd which is an IEEE802.11 AP to provide information how to configure the Microchip 802.11 wireless devices to work in access point. The hostapd is a user space daemon for AP and authentication servers. Refer to the hostapd homepage for more information on supported security features, EAP methods, and wireless cards/drivers and so on.
The hostpapd configuration file, usually located in /etc/hostapd.conf, defines the soft AP mode settings with various options (See detailed information on hostapd.conf). The most common options used in the hostapd.conf are:
- interface: AP netdevice name, for example, wlan0 in the most cases.
- driver: interface type, nl80211 used with all Linux nl80211/mac80211 drivers in the most cases.
- ctrl_interface: interface for separate control program for example, hostapd_cli.
- ssid: SSID to be used in IEEE 802.11 management frames.
- beacon_int: beacon interval in TU (1024 ms), the default is 100, range 15 to 65535.
- dtim_period: DTIM (Delivery Traffic Information Message) period (default 2), 1 means every beacon includes DTIM.
- channel: channel number. The default is 0. In this case, is is automatically selected.
- hw_mode: operation mode (a = 802.11a, b = 802.11b, g = 802.11g) to specify the band. (default: b)
- max_num_sta: maximum number of stations allowed in station table (limited to 2007). The default is also 2007.
- ap_max_inactivity: station inactivity limit. If a station does not send anything in ap_max_inactivity seconds, an * * empty data frame is sent to it in order to verify whether it is still in range.
- leee80211n: if 1, then IEEE 802.11n is enabled.
- auth_algs: authentication algorithms.
- wpa_pairwise: encryption algorithms. TKIP for WPA, CCMP for WPA2.
- wpa_key_mgmt: key management algorithms (WPA-PSK, WPA-EAP, or both).
- WPA: bit0=WPA (WPA=1), bit1=WPA2 (WPA=2)
In the demo platform hostapd is available in /etc/ as:
- wilc_hostapd_open.conf
- wilc_hostapd_wep.conf
- wilc_hostapd_wpa.conf
The following sections show how to write the hostapd.conf according to AP modes.
interface=wlan0
driver=nl80211
ctrl_interface=/var/run/hostapd
ssid=SoftAP
dtim_period=2
beacon_int=100
channel=6
auth_algs=3
hw_mode=g
max_num_sta=8
ap_max_inactivity=300
interface=wlan0
driver=nl80211
ctrl_interface=/var/run/hostapd
ssid=SoftAP
dtim_period=2
beacon_int=100
channel=6
auth_algs=1
hw_mode=g
max_num_sta=8
ap_max_inactivity=300
wpa=1
wpa_passphrase=12341234
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
interface=wlan0
driver=nl80211
ctrl_interface=/var/run/hostapd
ssid=SoftAP
dtim_period=2
beacon_int=100
channel=6
auth_algs=1
hw_mode=g
max_num_sta=8
ap_max_inactivity=300
wpa=2
wpa_passphrase=12341234
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
interface=wlan0
driver=nl80211
ctrl_interface=/var/run/hostapd
ssid=SoftAP
dtim_period=2
beacon_int=100
channel=6
auth_algs=1
hw_mode=g
max_num_sta=8
ap_max_inactivity=300
wpa=3
wpa_passphrase=12341234
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
For the simple demo, write the /etc/dhcpd.conf like the following:
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option domain-name-servers 168.126.63.1, 164.124.101.2; # DNS Server IP
option domain-name "sample.example"; # domain name
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.110; # range ip
option broadcast-address 192.168.0.255;
option routers 192.168.0.1; # gateway ip
}
Log-facility local7;
Then, update the /etc/init.d/S80dhcp-server like the following:
INTERFACES=”wlan0”
. . .
test -f /etc/dhcpd.conf || exit 0
Make sure that the network is enabled with WILC in the Linux platform before running AP mode. Otherwise, if not enabled, issue the following commands to enable the network.
$ insmod /lib/modules/<kernel_version>/kernel/drivers/staging/wilc1000/wilc.ko
$ insmod /lib/modules/<kernel_version>/kernel/drivers/staging/wilc1000/wilc-sdio.ko
$ ifconfig wlan0 up
Then issue the followings to run AP mode in Linux platform with WILC.
$ hostapd /etc/hostapd.conf -B
$ ifconfig wlan0 192.168.0.1
$ /etc/init.d/S80dhcp-server start
Assign the IP of wlan0 with 192.168.0.1 defined in the /etc/dhcpd.conf file.