The wireless UCI configuration is located in /etc/config/wireless. Learn about the entire IEEE 802.11 "wireless" subsystem.

Note1: By default the wireless is OFF. You can turn it on in the /etc/config/wireless by changing disabled 1 to disabled 0 In UCI CLI you do this with: uci set wireless.@wifi-device[0].disabled=0; uci commit wireless; wifi Note2: In case your image does not contain the driver for your wireless chipset, simply install them with opkg and proceed with Regenerate Configuration.

A typical wireless config file contains at least one wifi device specifying general radio properties like channel, driver type and txpower and one wifi interface defining a wireless network on top of the radio device.

The wifi-device refer to physical radio devices present on the system. The options present in this section describe properties common across all wireless networks on this radio interface, such as channel or antenna selection.

In most cases there is only one radio adapter present on the device, so only one such section is defined, however on multi-radio hardware there may be multiple wifi-device sections - each referring to a different adapter.

A minimal wifi-device declaration may look like the example below. Note that identifiers and options may vary for different chipset types or drivers.

config 'wifi-device' 'wl0'
        option 'type'    'broadcom'
        option 'channel' '6'

• wl0 is the internal identifier for the wireless adapter
• broadcom specifies the chipset/driver type
• 6 is the wireless channel the device operates on

The possible options for device sections are listed in the table below. Note that not all options are used for all chipset/driver types, refer to the comments for further details.

Name	Type	Required	Default	Description
type	string	yes	(autodetected)	The type is determined on firstboot during the initial radio device detection - it is usually not required to change it. Used values are broadcom on brcm-2.4, atheros for madwifi or mac80211 for b43, ath5k and ath9k
phy	string	no/yes	(autodetected)	Specifies the radio phy associated to this section, it is usually autodetected and should not be changed. By default openwrt uses macaddr to identify the radio (more precise) but you can use phy instead, to be more hardware independent. This option is only used for type mac80211 and madwifi (trunk)
macaddr	MAC address	yes/no	(autodetected)	Specifies the radio adapter associated to this section, it is not used to change the device mac but to identify the underlying interface. The value is autodetected at first boot or when you use phy parameter. If you want a hardware independent config (to restore the config on many routers) you should use phy parameter instead of macaddr. This option is only used for type mac80211 and madwifi (trunk)
disabled	boolean	no	1	Disables the radio adapter if set to 1. Removing this option or setting it to 0 will enable the adapter
channel	integer or "auto"	yes	auto	Specifies the wireless channel to use. In station mode the value auto is allowed, in access point mode an actual channel number must be given
hwmode	string	no	(driver default)	Selects the wireless protocol to use, possible values are 11b, 11bg, 11g, 11gdt (G + dynamic turbo, madwifi only), 11gst (G turbo, broadcom only), 11a, 11adt (A + dynamic turbo, madwifi only), 11ast (A + static turbo, madwifi only), 11fh (frequency hopping), 11lrs (LRS mode, broadcom only), 11ng (11N+11G, 2.4GHz, mac80211 only), 11na (11N+11A, 5GHz, mac80211 only) or auto
htmode	string	no	(driver default)	Specifies the channel width in 11ng and 11na mode, possible values are: HT20 (single 20MHz channel), HT40- (2x 20MHz channels, primary/control channel is upper, secondary channel is below) or HT40+ (2x 20MHz channels, primary/control channel is lower, secondary channel is above). Cf. why.can.t.i.use.ht40.with.channel.11. This option is only used for type mac80211
chanbw	integer	no	20	Specifies a narrow channel width, possible values are: 5 (5MHz channel), 10 (10MHz channel) or 20 (20MHz channel). Only supported by the ath9k/ath5k driver (since Attitude Adjustment)
ht_capab	string	no	(driver default)	Specifies the available capabilities of the radio. The values are autodetected. This option is only used for type mac80211
txpower	integer	no	(driver default)	Specifies the transmission power in dBm
diversity	boolean	no	1	Enables or disables the automatic antenna selection by the driver
rxantenna	integer	no	(driver default)	Specifies the antenna for receiving, the value may be driver specific, usually it is 1 for the first and 2 for the second antenna. Specifying 0 enables automatic selection by the driver if supported. This option has no effect if diversity is enabled
txantenna	integer	no	(driver default)	Specifies the antenna for transmitting, values are identical to rxantenna
antenna	string	no	(driver default)	Selects the antenna, possible values are vertical for internal vertical polarization, horizontal for internal horizontal polarization or external to use the external antenna connector Only used on the Ubiquiti NanoStation device family instead of the rxantenna/txantenna settings.
macfilter	string	no	disable	Specifies the mac filter policy, disable to disable the filter, allow to treat it as whitelist or deny to treat it as blacklist. Supported for the mac80211 since r25105
maclist	list of MAC addresses	no	(none)	List of MAC addresses to put into the mac filter. Supported for the mac80211 since r25105
country	varies	no	(driver default)	Specifies the country code, affects the available channels and transmission powers. For type broadcom a two letter country code is used (EN or DE). The madwifi driver expects a numeric code. Not supported for the mac80211 type yet (supported in trunk)
distance	integer	no	(driver default)	Distance between the ap and the furthest client in meters . Only supported by madwifi, and the mac80211 type (in trunk)
noscan	boolean	no	0	Do not scan for overlapping BSSs in HT40+/- mode. Only supported by mac80211 Turning this on will violate regulatory requirements!
beacon_int	integer	no	100 (hostapd default)	Set the beacon interval. This is the time interval between beacon frames, measured in units of 1.024 ms. hostapd permits this to be set between 15 and 65535. This option only has an effect on ap and adhoc wifi-ifaces. Only supported by mac80211 (in trunk)
short_preamble	boolean	no	0	Set optional use of short preamble Only supported by mac80211
basic_rate	list	no	(hostapd/driver default)	Set the supported basic rates. Each basic_rate is measured in kb/s. This option only has an effect on ap and adhoc wifi-ifaces. Only supported by mac80211 (in trunk)
log_level	integer	no	2	Set the log_level. Supported levels are: 0 = verbose debugging, 1 = debugging, 2 = informational messages, 3 = notification, 4 = warning

The options below are only used by the proprietary Broadcom driver (type broadcom).

Name	Type	Required	Default	Description
frameburst	boolean	no	0	Enables Broadcom frame bursting if supported
maxassoc	integer	no	(driver default)	Limits the maximum allowed number of associated clients
slottime	integer	no	(driver default)	Slot time in milliseconds

The following options are only used by the Madwifi driver (type atheros).

Name	Type	Required	Default	Description
softled	boolean	no	1	Enables software based LED control in the driver
outdoor	boolean	no	0	Enables outdoor channels in the 5GHz band
regdomain	number	no	(driver default)	Overrides the regulatory domain setting

A complete wireless configuration contains at least one wifi-iface section per adapter to define a wireless network on top of the hardware. Some drivers support multiple wireless networks per device:

• broadcom if the core revision is greater or equal 9 (see dmesg | grep corerev)
• madwifi always supports multiple networks
• mac80211 STA mode supported on trunk. STA and AP at the same time is not yet supported(r22989).

A minimal example for a wifi-iface declaration is given below.

config 'wifi-iface'
        option 'device'     'wl0'
        option 'network'    'lan'
        option 'mode'       'ap'
        option 'ssid'       'MyWifiAP'
        option 'encryption' 'psk2'
        option 'key'        'secret passphrase'

• wl0 is the identifier for the underlying radio hardware
• lan specifies the network interface the wifi is attached to
• ap is the opetion mode, Access Point in this example
• MyWifiAP is the broadcasted SSID
• psk2 specifies the wireless encryption method, WPA2 PSK here
• secret passphrase is the secret WPA passphrase

The most common configuration option for wifi-iface sections are listed below.

Name	Type	Required	Default	Description
device	string	yes	(first device id)	Specifies the used wireless adapter, must refer to one of the defined wifi-device sections
mode	string	yes	ap	Selects the operation mode of the wireless network, ap for Access Point, sta for managed (client) mode, adhoc for Ad-Hoc, wds for static WDS and monitor for monitor mode, mesh for 802.11s mesh mode mesh mode only supported by mac80211 (in trunk)
disabled	boolean	no	1	When set to 1, wireless network is disabled.
ssid	string	yes	OpenWrt	The broadcasted SSID of the wireless network (for managed mode the SSID of the network you're connecting to)
bssid	BSSID address	no	(driver default)	Override the BSSID of the network, only applicable in adhoc or sta mode. In wds mode specifies the BSSID of another AP to create WDS with.
mesh_id	Mesh ID	no	none	The Mesh ID as defined in IEEE 802.11s. If set, the wireless interface will join this mesh network when brought up. If not, it is necessary to invoke iw <iface> mesh join <mesh_id> to join a mesh after the interface is brought up. Only supported by mac80211 (in trunk)
hidden	boolean	no	0	Turns off SSID broadcasting if set to 1
isolate	boolean	no	0	Isolate wireless clients from each other, only applicable in ap mode. May not be supported in the original Backfire release for mac80211
doth	boolean	no	0	Enables 802.11h support. Not supported for the mac80211 type yet
wmm	boolean	no	1	Enables WMM (802.11e) support. Required for 802.11n support
network	string	yes	lan	Specifies the network interface to attach the wireless to
encryption	string	no	none	Wireless encryption method. none for an open network, wep for WEP, psk for WPA-PSK, or psk2 for WPA2-PSK. See the WPA modes table for additional possible values. For an access point in WEP mode, the default is "open system" authentication. Use wep+shared for "shared key" authentication (less secure), wep+open to explicitly use "open system," or wep+mixed to allow either. wep+mixed is only supported by hostapd.
key	integer or string	no	(none)	In any WPA-PSK mode, this is a string that specifies the pre-shared passphrase from which the pre-shared key will be derived. If a 64-character hexadecimal string is supplied, it will be used directly as the pre-shared key instead. In WEP mode, this can be an integer specifying which key index to use (key1, key2, key3, or key4.) Alternatively, it can be a string specifying a passphrase or key directly, as in key1. In any WPA-Enterprise AP mode, this option has a different interpretation.
key1	string	no	(none)	WEP passphrase or key #1 (selected by the index in key). This string is treated as a passphrase from which the WEP key will be derived. If a 10- or 26-character hexadecimal string is supplied, it will be used directly as the WEP key instead.
key2	string	no	(none)	WEP passphrase or key #2 (selected by the index in key), as in key1.
key3	string	no	(none)	WEP passphrase or key #3 (selected by the index in key), as in key1.
key4	string	no	(none)	WEP passphrase or key #4 (selected by the index in key), as in key1.
iapp_interface	string	no	(none)	Specifies a network interface to be used for 802.11f (IAPP) - only enabled when defined.
rsn_preauth	boolean	no	0	Allow preauthentication for WPA2-EAP networks (and advertise it in WLAN beacons). Only works if the specified network interface is a bridge.
ieee80211d	integer	no	1 if country is set, otherwise 0	Enables IEEE 802.11d country IE (information element) advertisement in beacon and probe response frames. This IE contains the country code and channel/power map. Requires country.
ieee80211w	integer	no	0	Enables MFP (802.11w) support (0 = disabled, 1 = optional, 2 = required). Only supported by the ath9k driver (in trunk)
ieee80211w_max_timeout	integer	no	(hostapd default)	Specifies the 802.11w Association SA Query maximum timeout. Only supported by the ath9k driver (in trunk)
ieee80211w_retry_timeout	integer	no	(hostapd default)	Specifies the 802.11w Association SA Query retry timeout . Only supported by the ath9k driver (in trunk)
maxassoc	integer	no	(hostapd/driver default)	Specifies the maximum number of clients to connect.
macaddr	mac address	no	(hostapd/driver default)	Overrides the MAC address used for the wifi interface.
dtim_period	integer	no	2 (hostapd default)	Set the DTIM (delivery traffic information message) period. There will be one DTIM per this many beacon frames. This may be set between 1 and 255. This option only has an effect on ap wifi-ifaces. Only supported by mac80211 (in trunk)
max_listen_int	integer	no	65535 (hostapd default)	Set the maximum allowed STA (client) listen interval. Association will be refused if a STA attempts to associate with a listen interval greater than this value. This option only has an effect on ap wifi-ifaces. Only supported by mac80211 (in trunk)
mcast_rate	integer	no	(driver default)	Sets the fixed multicast rate, measured in kb/s. Only supported by madwifi, and mac80211 (for type adhoc in trunk)
See the WPA tables below for a full listing of WPA related options used for WPA2 Enterprise (802.1x)
See the WPS Options below for a full listing of Wi-Fi Protected Setup options.
wds	boolean	no	0	This sets 4-address mode

The options in the table below only work with type atheros.

Name	Type	Required	Default	Description
ar	boolean	no	0	Enables AR support
bgscan	boolean	no	0	Enables background scanning
bursting	boolean	no	0	Enables frame bursting
compression	boolean	no	0	Enables hardware compression
ff	boolean	no	0	Enables fast frames
frag	integer	no	(none)	Fragmentation threshold
minrate	integer	no	(driver default)	Limit the minimum rate used
maxrate	integer	no	(driver default)	Limit the maximum rate used
nosbeacon	boolean	no	0	Disables the hardware beacon timer, only applicable in Managed mode
sw_merge	boolean	no	0	Disables the hardware beacon timer, only applicable in IBSS mode
probereq	boolean	no	1	Enables probe responses (AP will not appear in wifi scans if disabled)
rate	integer	no	(driver default)	Use a fixed rate
rts	integer	no	(driver default)	Override the RTS/CTS threshold
turbo	boolean	no	0	Enables turbo mode
uapsd	boolean	no	0	Enables Unscheduled Automatic Power Save Delivery (UAPSD)
wds	boolean	no	0	Enables Lazy-WDS, only applicable in Access Point or Managed mode
wdssep	boolean	no	0	Separates WDS clients from each other
xr	boolean	no	0	Enables XR support, only applicable in Managed mode

Besides the WPA mode, the encryption option also specifies the group and peer ciphers to use. To override the cipher, the value of encryption must be given in the form mode+cipher. See the listing below for possible combinations. If the hwmode of the interface is set to ng or na, then the CCMP cipher is always added to the list.

Value	WPA Version	Ciphers
psk2+tkip+ccmp psk2+tkip+aes	WPA2 Personal (PSK)	TKIP, CCMP
psk2+tkip	WPA2 Personal (PSK)	TKIP
psk2+ccmp psk2+aes psk2	WPA2 Personal (PSK)	CCMP
psk+tkip+ccmp psk+tkip+aes	WPA Personal (PSK)	TKIP, CCMP
psk+tkip psk	WPA Personal (PSK)	TKIP
psk+ccmp psk+aes	WPA Personal (PSK)	CCMP
mixed-psk+tkip+ccmp mixed-psk+tkip+aes mixed-psk	WPA/WPA2 Personal (PSK) mixed mode	TKIP, CCMP
mixed-psk+tkip	WPA/WPA2 Personal (PSK) mixed mode	TKIP
mixed-psk+ccmp mixed-psk+aes	WPA/WPA2 Personal (PSK) mixed mode	CCMP
wpa2+tkip+ccmp wpa2+tkip+aes	WPA2 Enterprise	TKIP, CCMP
wpa2+ccmp wpa2+aes wpa2	WPA2 Enterprise	CCMP
wpa2+tkip	WPA2 Enterprise	TKIP
wpa+tkip+ccmp wpa+tkip+aes	WPA Enterprise	TKIP, CCMP
wpa+ccmp wpa+aes	WPA Enterprise	CCMP
wpa+tkip wpa	WPA Enterprise	TKIP
mixed-wpa+tkip+ccmp mixed-wpa+tkip+aes mixed-wpa	WPA/WPA2 Enterprise mixed mode	TKIP, CCMP
mixed-wpa+tkip	WPA/WPA2 Enterprise mixed mode	TKIP
mixed-wpa+ccmp mixed-wpa+aes	WPA/WPA2 Enterprise mixed mode	CCMP

Listing of Access Point related options for WPA Enterprise.

Name	Default	Description
server	(none)	RADIUS server to handle client authentication
port	1812	RADIUS port
key	(none)	Shared RADIUS secret
wpa_group_rekey	600	WPA Group Cipher rekeying interval in seconds
The options below are for hostapd (not the Broadcom nas authenticator)
auth_server	(none)	RADIUS authentication server to handle client authentication
auth_port	1812	RADIUS authentication port
auth_secret	(none)	Shared authentication RADIUS secret
auth_cache	0	Disable or enable PMKSA and Opportunistic Key Caching
acct_server	(none)	RADIUS accounting server to handle client authentication
acct_port	1813	RADIUS accounting port
acct_secret	(none)	Shared accounting RADIUS secret
nasid	(none)	NAS ID to use for RADIUS authentication requests

Listing of Client related options for WPA Enterprise.

Name	Default	Description
eap_type	(none)	Defines the EAP protocol to use, possible values are tls for EAP-TLS and peap or ttls for EAP-PEAP
auth	MSCHAPV2	Defines the phase 2 authentication method to use, only applicable if eap_type is peap or ttls
identity	(none)	EAP identity to send during authentication
password	(none)	Password to send during EAP authentication
ca_cert	(none)	Specifies the path the CA certificate used for authentication
client_cert	(none)	Specifies the client certificate used for the authentication
priv_key	(none)	Specifies the path to the private key file used for authentication, only applicable if eap_type is set to tls
priv_key_pwd	(none)	Password to unlock the private key file, only works in conjunction with priv_key

Listing of Wi-Fi Protected Setup related options.

Support for WPS is provided by packages wpad and hostapd-utils. Default package wpad-mini is not enough.

WPS is possible only when encryption PSK is selected.

Some package is not correctly generated and hostapd_cli doesn't support command wps_pbc. See this thread for further details.
Fixed with changeset 33393.

Name	Type	Required	Default	Description
wps_config	list	no	(none)	List of configuration methods. Available methods: usba ethernet label display ext_nfc_token int_nfc_token nfc_interface push_button keypad virtual_display physical_display virtual_push_button physical_push_button. Supported methods: push_button.
wps_device_name	string	no	OpenWrt AP	User-friendly description of device; up to 32 octets encoded in UTF-8.
wps_device_type	string	no	6-0050F204-1	Primary device type. Examples: 1-0050F204-1 (Computer / PC) 1-0050F204-2 (Computer / Server) 5-0050F204-1 (Storage / NAS) 6-0050F204-1 (Network Infrastructure / AP)
wps_label	boolean	no	0	Enable label configuration method.
wps_manufacturer	string	no	openwrt.org	The manufacturer of the device (up to 64 ASCII characters).
wps_pbc	boolean	no	0	Enable push-button configuration method.

Wireless interfaces are brought up and down with the wifi command. To (re)start the wireless after a configuration change, use wifi, to disable the wireless, run wifi down. In case your platform carries multiple wireless devices it is possible to start or run down each of them individually by making the wifi command be followed by the device name as a second parameter. Note: The wifi command has an optional first parameter that defaults to 'up' , i.e. start the device. To make the second parameter indeed a second parameter it is mandatory to give a first parameter which can be anything except down. E.g. to start the interface wlan2 issue: wifi up wlan2; to stop that interface: wifi down wlan2. If the platform has also e.g. wlan0 and wlan1 these will not be touched by stopping or starting wlan2 selectively.

To rebuild the configuration file, e.g. after installing a new wireless driver, remove the existing wireless configuration (if any) and use the wifi detect command with stdout redirected to the /etc/config/wireless file:

rm -f /etc/config/wireless wifi detect > /etc/config/wireless

Stuck at 130Mbps? Get 300Mbps! Note: this violates regulatory requirements.

Edit the file /etc/config/wireless, and restart the wifi AP by executing the following commands…

  uci set wireless.radio0.htmode=HT40+  # or: HT40- if using channel 11
  uci set wireless.radio0.noscan=1
  uci commit wireless; wifi

Note that option 'htmode' should be set to either HT40+ (for channels 1-7) or HT40- (for channels 5-11). You have to use WPA2 encryption with AES.

Currently, the mac80211 family of wifi drivers does not support DFS. However, DFS is mandatory for many channels in the 5GHz band. If you provide a channel in your wireless config that requires DFS according to your country regulations, the radio1 device won't start up. You can check that with

iw reg get

If you provided DE as your country code (Germany), you'll notice that all channels in the 5GHz band require DFS, so you won't be able to use the radio1 device. A workaround is to choose FR, instead. This enables channels 36, 40, 44 and 48 at least. However, it might be illegal to use a foreign country code. Note: The output of iw reg get gives you just the frequences. Matching them to channels may be done via

iwlist wlan1 chan

Adjust other wireless settings as appropriate.

*AS OF 2010-01-11, THE 5 GHZ WIRELESS INTERFACE WILL NOT COME UP UNLESS YOU SET THE COUNTRY CODE AND CHANNELS AS DESCRIBED ABOVE.*

After saving your wireless config, execute this command to force the system to reread the configs and bring up the radios:

wifi

• guest-wlan