Wireless configuration

The wireless UCI configuration is located in /etc/config/wireless. Learn about the entire IEEE 802.11 "wireless" subsystem.

Note1: By default the wireless is OFF. You can turn it on in the /etc/config/wireless by changing disabled 1 to disabled 0
In UCI CLI you do this with:
uci set wireless.@wifi-device[0].disabled=0; uci commit wireless; wifi
Note2: If your device contains multiple radios (e.g. some dual-band devices), then you'll need to enabled each device in-turn - list disabled devices with
uci show wireless | grep disabled
Note3: In case your image does not contain the driver for your wireless chipset, simply install them with opkg and proceed with Regenerate Configuration.

Sections

A typical wireless config file contains at least one wifi device specifying general radio properties like channel, driver type and txpower and one wifi interface defining a wireless network on top of the radio device.

Wifi Devices

The wifi-device refer to physical radio devices present on the system. The options present in this section describe properties common across all wireless networks on this radio interface, such as channel or antenna selection.

In most cases there is only one radio adapter present on the device, so only one such section is defined, however on multi-radio hardware there may be multiple wifi-device sections - each referring to a different adapter.

A minimal wifi-device declaration may look like the example below. Note that identifiers and options may vary for different chipset types or drivers.

config 'wifi-device' 'wl0'
        option 'type'    'broadcom'
        option 'channel' '6'

  • wl0 is the internal identifier for the wireless adapter
  • broadcom specifies the chipset/driver type
  • 6 is the wireless channel the device operates on

The possible options for device sections are listed in the table below. Note that not all options are used for all chipset/driver types, refer to the comments for further details.

Common Options

Name Type Required Default Description
type string yes (autodetected) The type is determined on firstboot during the initial radio device detection - it is usually not required to change it. Used values are broadcom on brcm-2.4, atheros for madwifi or mac80211 for b43, ath5k and ath9k
phy string no/yes (autodetected) Specifies the radio phy associated to this section, it is usually autodetected and should not be changed. By default openwrt uses macaddr to identify the radio (more precise) but you can use phy instead, to be more hardware independent.
:!: This option is only used for type mac80211 and madwifi (trunk)
macaddr MAC address yes/no (autodetected) Specifies the radio adapter associated to this section, it is not used to change the device mac but to identify the underlying interface. The value is autodetected at first boot or when you use phy parameter. If you want a hardware independent config (to restore the config on many routers) you should use phy parameter instead of macaddr.
:!: This option is only used for type mac80211 and madwifi (trunk)
disabled boolean no 0 Disables the radio adapter if set to 1. Removing this option or setting it to 0 will enable the adapter
channel integer or "auto" yes auto Specifies the wireless channel to use. In station mode the value auto is allowed, in access point mode an actual channel number must be given
hwmode string no (driver default) Selects the wireless protocol to use, possible values are 11b, 11bg, 11g, 11gdt (G + dynamic turbo, madwifi only), 11gst (G turbo, broadcom only), 11a, 11adt (A + dynamic turbo, madwifi only), 11ast (A + static turbo, madwifi only), 11fh (frequency hopping), 11lrs (LRS mode, broadcom only), 11ng (11N+11G, 2.4GHz, mac80211 only), 11na (11N+11A, 5GHz, mac80211 only) or auto
htmode string no (driver default) Specifies the channel width in 802.11n and 802.11ac mode, possible values are:
HT20 (single 20MHz channel),
HT40- (2x 20MHz channels, primary/control channel is upper, secondary channel is below)
HT40+ (2x 20MHz channels, primary/control channel is lower, secondary channel is above).
VHT40 / VHT80 / VHT160 (channel width in 802.11ac, extra channels are picked according to the specification)
Cf. why.can.t.i.use.ht40.with.channel.11 and http://hostap.epitest.fi/cgit/hostap/tree/hostapd/hostapd.conf (search for HT40) in the web page.
:!: This option is only used for type mac80211
chanbw integer no 20 Specifies a narrow channel width, possible values are: 5 (5MHz channel), 10 (10MHz channel) or 20 (20MHz channel).
:!: Only supported by the ath9k/ath5k driver (since Attitude Adjustment)
ht_capab string no (driver default) Specifies the available capabilities of the radio. The values are autodetected. See http://hostap.epitest.fi/cgit/hostap/tree/hostapd/hostapd.conf for options (search for ht_capab in web page).
:!: This option is only used for type mac80211
txpower integer no (driver default) Specifies the transmission power in dBm
diversity boolean no 1 Enables or disables the automatic antenna selection by the driver
rxantenna integer no (driver default) Specifies the antenna for receiving, the value may be driver specific, usually it is 1 for the first and 2 for the second antenna. Specifying 0 enables automatic selection by the driver if supported. This option has no effect if diversity is enabled
txantenna integer no (driver default) Specifies the antenna for transmitting, values are identical to rxantenna
antenna string no (driver default) Selects the antenna, possible values are vertical for internal vertical polarization, horizontal for internal horizontal polarization or external to use the external antenna connector
:!: Only used on the Ubiquiti NanoStation device family instead of the rxantenna/txantenna settings.
country varies no (driver default) Specifies the country code, affects the available channels and transmission powers. For type broadcom a two letter country code is used (EN or DE). The madwifi driver expects a numeric code.
country_ie boolean no 1 if country is set, otherwise 0 Enables IEEE 802.11d country IE (information element) advertisement in beacon and probe response frames. This IE contains the country code and channel/power map. Requires country.
distance integer no (driver default) Distance between the ap and the furthest client in meters .
:!: Only supported by madwifi, and the mac80211 type (in trunk)
noscan boolean no 0 Do not scan for overlapping BSSs in HT40+/- mode.
:!: Only supported by mac80211
:!: Turning this on will violate regulatory requirements!
beacon_int integer no 100 (hostapd default) Set the beacon interval. This is the time interval between beacon frames, measured in units of 1.024 ms. hostapd permits this to be set between 15 and 65535. This option only has an effect on ap and adhoc wifi-ifaces.
:!: Only supported by mac80211 (in trunk)
basic_rate list no (hostapd/driver default) Set the supported basic rates. Each basic_rate is measured in kb/s. This option only has an effect on ap and adhoc wifi-ifaces.
:!: Only supported by mac80211 (in trunk)
log_level integer no 2 Set the log_level. Supported levels are: 0 = verbose debugging, 1 = debugging, 2 = informational messages, 3 = notification, 4 = warning

Broadcom Options

:!: The options below are only used by the proprietary Broadcom driver (type broadcom).

Name Type Required Default Description
frameburst boolean no 0 Enables Broadcom frame bursting if supported
maxassoc integer no (driver default) Limits the maximum allowed number of associated clients
slottime integer no (driver default) Slot time in milliseconds

Madwifi Options

:!: The following options are only used by the Madwifi driver (type atheros).

Name Type Required Default Description
softled boolean no 1 Enables software based LED control in the driver
outdoor boolean no 0 Enables outdoor channels in the 5GHz band
regdomain number no (driver default) Overrides the regulatory domain setting

Wifi Networks

A complete wireless configuration contains at least one wifi-iface section per adapter to define a wireless network on top of the hardware. Some drivers support multiple wireless networks per device:

  • broadcom if the core revision is greater or equal 9 (see dmesg | grep corerev)
  • madwifi always supports multiple networks
  • mac80211 STA mode supported on trunk. STA and AP at the same time is not yet supported(r22989).

A minimal example for a wifi-iface declaration is given below.

config 'wifi-iface'
        option 'device'     'wl0'
        option 'network'    'lan'
        option 'mode'       'ap'
        option 'ssid'       'MyWifiAP'
        option 'encryption' 'psk2'
        option 'key'        'secret passphrase'

  • wl0 is the identifier for the underlying radio hardware
  • lan specifies the network interface the wifi is attached to
  • ap is the opetion mode, Access Point in this example
  • MyWifiAP is the broadcasted SSID
  • psk2 specifies the wireless encryption method, WPA2 PSK here
  • secret passphrase is the secret WPA passphrase

Common Options

The most common configuration option for wifi-iface sections are listed below.

Name Type Required Default Description
device string yes (first device id) Specifies the used wireless adapter, must refer to one of the defined wifi-device sections
mode string yes ap Selects the operation mode of the wireless network interface controller (some are supported simultaneously by some drivers):
ap for Access Point,
sta for managed (client) mode,
adhoc for Ad-Hoc,
wds for static WDS,
monitor for monitor mode,
mesh for IEEE 802.11s mesh mode
:!: mesh mode only supported by mac80211 (in trunk)
disabled boolean no 1 When set to 1, wireless network is disabled.
ssid string yes OpenWrt The broadcasted SSID of the wireless network (for managed mode the SSID of the network you're connecting to)
bssid BSSID address no (driver default) Override the BSSID of the network, only applicable in adhoc or sta mode. In wds mode specifies the BSSID of another AP to create WDS with.
mesh_id Mesh ID no none The Mesh ID as defined in IEEE 802.11s. If set, the wireless interface will join this mesh network when brought up. If not, it is necessary to invoke iw <iface> mesh join <mesh_id> to join a mesh after the interface is brought up.
:!: Only supported by mac80211 (in trunk)
hidden boolean no 0 Turns off SSID broadcasting if set to 1
isolate boolean no 0 Isolate wireless clients from each other, only applicable in ap mode. May not be supported in the original Backfire release for mac80211
doth boolean no 0 Enables 802.11h support.
:!: Not supported for the mac80211 type yet
wmm boolean no 1 Enables WMM (802.11e) support. Required for 802.11n support
network string yes lan Specifies the network interface to attach the wireless to
encryption string no none Wireless encryption method. none for an open network, wep for WEP, psk for WPA-PSK, or psk2 for WPA2-PSK. See the WPA modes table for additional possible values.
For an access point in WEP mode, the default is "open system" authentication. Use wep+shared for "shared key" authentication (less secure), wep+open to explicitly use "open system," or wep+mixed to allow either. wep+mixed is only supported by hostapd.
key integer or string no (none) In any WPA-PSK mode, this is a string that specifies the pre-shared passphrase from which the pre-shared key will be derived. If a 64-character hexadecimal string is supplied, it will be used directly as the pre-shared key instead.
In WEP mode, this can be an integer specifying which key index to use (key1, key2, key3, or key4.) Alternatively, it can be a string specifying a passphrase or key directly, as in key1.
In any WPA-Enterprise AP mode, this option has a different interpretation.
key1 string no (none) WEP passphrase or key #1 (selected by the index in key). This string is treated as a passphrase from which the WEP key will be derived. If a 10- or 26-character hexadecimal string is supplied, it will be used directly as the WEP key instead.
key2 string no (none) WEP passphrase or key #2 (selected by the index in key), as in key1.
key3 string no (none) WEP passphrase or key #3 (selected by the index in key), as in key1.
key4 string no (none) WEP passphrase or key #4 (selected by the index in key), as in key1.
macfilter string no disable Specifies the mac filter policy, disable to disable the filter, allow to treat it as whitelist or deny to treat it as blacklist.
:!: Supported for the mac80211 since r25105
maclist list of MAC addresses no (none) List of MAC addresses (divided by spaces) to put into the mac filter.
iapp_interface string no (none) Specifies a network interface to be used for 802.11f (IAPP) - only enabled when defined.
rsn_preauth boolean no 0 Allow preauthentication for WPA2-EAP networks (and advertise it in WLAN beacons). Only works if the specified network interface is a bridge.
ieee80211w integer no 0 Enables MFP (802.11w) support (0 = disabled, 1 = optional, 2 = required).
:!: Only supported by the ath9k driver (in trunk)
ieee80211w_max_timeout integer no (hostapd default) Specifies the 802.11w Association SA Query maximum timeout.
:!: Only supported by the ath9k driver (in trunk)
ieee80211w_retry_timeout integer no (hostapd default) Specifies the 802.11w Association SA Query retry timeout .
:!: Only supported by the ath9k driver (in trunk)
maxassoc integer no (hostapd/driver default) Specifies the maximum number of clients to connect.
macaddr mac address no (hostapd/driver default) Overrides the MAC address used for the wifi interface.
dtim_period integer no 2 (hostapd default) Set the DTIM (delivery traffic information message) period. There will be one DTIM per this many beacon frames. This may be set between 1 and 255. This option only has an effect on ap wifi-ifaces.
:!: Only supported by mac80211 (in trunk)
short_preamble boolean no 1 Set optional use of short preamble
:!: Supported for the mac80211 since r35565
max_listen_int integer no 65535 (hostapd default) Set the maximum allowed STA (client) listen interval. Association will be refused if a STA attempts to associate with a listen interval greater than this value. This option only has an effect on ap wifi-ifaces.
:!: Only supported by mac80211 (in trunk)
mcast_rate integer no (driver default) Sets the fixed multicast rate, measured in kb/s.
:!: Only supported by madwifi, and mac80211 (for type adhoc in trunk)
:!: See the WPA tables below for a full listing of WPA related options used for WPA2 Enterprise (802.1x)
:!: See the WPS Options below for a full listing of Wi-Fi Protected Setup options.
wds boolean no 0 This sets 4-address mode

Madwifi Options

:!: The options in the table below only work with type atheros.

Name Type Required Default Description
ar boolean no 0 Enables AR support
bgscan boolean no 0 Enables background scanning
bursting boolean no 0 Enables frame bursting
compression boolean no 0 Enables hardware compression
ff boolean no 0 Enables fast frames
frag integer no (none) Fragmentation threshold
minrate integer no (driver default) Limit the minimum rate used
maxrate integer no (driver default) Limit the maximum rate used
nosbeacon boolean no 0 Disables the hardware beacon timer, only applicable in Managed mode
sw_merge boolean no 0 Disables the hardware beacon timer, only applicable in IBSS mode
probereq boolean no 1 Enables probe responses (AP will not appear in wifi scans if disabled)
rate integer no (driver default) Use a fixed rate
rts integer no (driver default) Override the RTS/CTS threshold
turbo boolean no 0 Enables turbo mode
uapsd boolean no 0 Enables Unscheduled Automatic Power Save Delivery (UAPSD)
wds boolean no 0 Enables Lazy-WDS, only applicable in Access Point or Managed mode
wdssep boolean no 0 Separates WDS clients from each other
xr boolean no 0 Enables XR support, only applicable in Managed mode

WPA Modes

Besides the WPA mode, the encryption option also specifies the group and peer ciphers to use. To override the cipher, the value of encryption must be given in the form mode+cipher. See the listing below for possible combinations. If the hwmode of the interface is set to ng or na, then the CCMP cipher is always added to the list.

Value WPA Version Ciphers
psk2+tkip+ccmp
psk2+tkip+aes
WPA2 Personal (PSK) TKIP, CCMP
psk2+tkip WPA2 Personal (PSK) TKIP
psk2+ccmp
psk2+aes
psk2
WPA2 Personal (PSK) CCMP
psk+tkip+ccmp
psk+tkip+aes
WPA Personal (PSK) TKIP, CCMP
psk+tkip
psk
WPA Personal (PSK) TKIP
psk+ccmp
psk+aes
WPA Personal (PSK) CCMP
mixed-psk+tkip+ccmp
mixed-psk+tkip+aes
mixed-psk
WPA/WPA2 Personal (PSK) mixed mode TKIP, CCMP
mixed-psk+tkip WPA/WPA2 Personal (PSK) mixed mode TKIP
mixed-psk+ccmp
mixed-psk+aes
WPA/WPA2 Personal (PSK) mixed mode CCMP
wpa2+tkip+ccmp
wpa2+tkip+aes
WPA2 Enterprise TKIP, CCMP
wpa2+ccmp
wpa2+aes
wpa2
WPA2 Enterprise CCMP
wpa2+tkip WPA2 Enterprise TKIP
wpa+tkip+ccmp
wpa+tkip+aes
WPA Enterprise TKIP, CCMP
wpa+ccmp
wpa+aes
WPA Enterprise CCMP
wpa+tkip
wpa
WPA Enterprise TKIP
mixed-wpa+tkip+ccmp
mixed-wpa+tkip+aes
mixed-wpa
WPA/WPA2 Enterprise mixed mode TKIP, CCMP
mixed-wpa+tkip WPA/WPA2 Enterprise mixed mode TKIP
mixed-wpa+ccmp
mixed-wpa+aes
WPA/WPA2 Enterprise mixed mode CCMP

WPA Enterprise (Access Point)

Listing of Access Point related options for WPA Enterprise.

Name Default Description
server (none) RADIUS server to handle client authentication
port 1812 RADIUS port
key (none) Shared RADIUS secret
wpa_group_rekey 600 WPA Group Cipher rekeying interval in seconds
:!: The options below are for hostapd (not the Broadcom nas authenticator)
auth_server (none) RADIUS authentication server to handle client authentication
auth_port 1812 RADIUS authentication port
auth_secret (none) Shared authentication RADIUS secret
auth_cache 0 Disable or enable PMKSA and Opportunistic Key Caching
acct_server (none) RADIUS accounting server to handle client authentication
acct_port 1813 RADIUS accounting port
acct_secret (none) Shared accounting RADIUS secret
nasid (none) NAS ID to use for RADIUS authentication requests
dae_client (none) Dynamic Authorization Extension client. This client can send "Disconnect-Request" or "CoA-Request" packets to forcibly disconnect a client or change connection parameters.
dae_port 3799 Port the Dynamic Authorization Extension server listens on.
dae_secret (none) Shared DAE secret.

:!: The dae options were introduced in r37734

:!: To enable Dynamic Authorization Extensions, both dae_client and dae_secret must be set.

WPA Enterprise (Client)

Listing of Client related options for WPA Enterprise.

Name Default Description
eap_type (none) Defines the EAP protocol to use, possible values are tls for EAP-TLS and peap or ttls for EAP-PEAP
auth MSCHAPV2 Defines the phase 2 authentication method to use, only applicable if eap_type is peap or ttls
identity (none) EAP identity to send during authentication
password (none) Password to send during EAP authentication
ca_cert (none) Specifies the path the CA certificate used for authentication
client_cert (none) Specifies the client certificate used for the authentication
priv_key (none) Specifies the path to the private key file used for authentication, only applicable if eap_type is set to tls
priv_key_pwd (none) Password to unlock the private key file, only works in conjunction with priv_key

WPS Options

Listing of Wi-Fi Protected Setup related options.

:!: Support for WPS is provided by packages wpad and hostapd-utils. Default package wpad-mini is not enough.

:!: WPS is possible only when encryption PSK is selected.

:!: Some package is not correctly generated and hostapd_cli doesn't support command wps_pbc. See this thread for further details.
Fixed with changeset 33393.

Name Type Required Default Description
wps_config list no (none) List of configuration methods.
Available methods: usba ethernet label display ext_nfc_token int_nfc_token nfc_interface push_button keypad virtual_display physical_display virtual_push_button physical_push_button.
Supported methods: push_button.
wps_device_name string no OpenWrt AP User-friendly description of device; up to 32 octets encoded in UTF-8.
wps_device_type string no 6-0050F204-1 Primary device type. Examples:
1-0050F204-1 (Computer / PC)
1-0050F204-2 (Computer / Server)
5-0050F204-1 (Storage / NAS)
6-0050F204-1 (Network Infrastructure / AP)
wps_label boolean no 0 Enable label configuration method.
wps_manufacturer string no openwrt.org The manufacturer of the device (up to 64 ASCII characters).
wps_pbc boolean no 0 Enable push-button configuration method.

Configuring Encryption

OpenWrt supports WPA/WPA2 PSK ("WPA Personal"), 802.11i ("WPA Enterprise") and WEP encryption. The used encryption protocol is defined per network in the wifi-iface sections of the wireless configuration.

All encryption settings can also be changed via the LuCI (Network > Wifi).

→ Read more...

Start/Stop Wireless

Wireless interfaces are brought up and down with the wifi command. To (re)start the wireless after a configuration change, use wifi, to disable the wireless, run wifi down. In case your platform carries multiple wireless devices it is possible to start or run down each of them individually by making the wifi command be followed by the device name as a second parameter. Note: The wifi command has an optional first parameter that defaults to 'up' , i.e. start the device. To make the second parameter indeed a second parameter it is mandatory to give a first parameter which can be anything except down. E.g. to start the interface wlan2 issue: wifi up wlan2; to stop that interface: wifi down wlan2. If the platform has also e.g. wlan0 and wlan1 these will not be touched by stopping or starting wlan2 selectively.

Regenerate Configuration

To rebuild the configuration file, e.g. after installing a new wireless driver, remove the existing wireless configuration (if any) and use the wifi detect command with stdout redirected to the /etc/config/wireless file:

rm -f /etc/config/wireless wifi detect > /etc/config/wireless

wifi detect gives UCI configuration entries for all installed interfaces that do not have UCI entries in /etc/config/wireless. So you can remove /etc/config/wireless and run the above again to reset your wifi configuration.

40 MHz channel width (up to 300 Mbps) for 802.11n devices ONLY

The default max channel with of 20MHz supports a max speed of 130Mbps. Increasing this to 40MHz will increase the maximum theoretical speed to 300Mbps.

The catch is that in areas with a lot of wifi traffic (and Bluetooth etc. which share the same radio frequencies), 40MHz may decrease your overall speed. Devices should detect interference when using 40MHz , and drop back to 20MHz. YMMV.

Edit the file /etc/config/wireless, and restart the wifi AP by executing the following commands…

  uci set wireless.radio0.htmode=HT40+  # or: HT40- if using channel 11
  uci commit wireless; wifi

Note that option 'htmode' should be set to either HT40+ (for channels 1-7) or HT40- (for channels 5-11). You have to use WPA2 encryption with AES.

For an explanation of the HT40+ vs. HT40- options, and other related information (e.g. for use of 5GHz band channels) see: http://hostap.epitest.fi/cgit/hostap/tree/hostapd/hostapd.conf.

Notes

Currently, many members of the mac80211 family of wifi drivers do not support DFS (and OpenWRT doesn't current support enabling it at all). DFS is designed to stop wifi interfering with radar and circumventing DFS restrictions are nearly always illegal (and may even endanger others lives by harming the performance of things like air traffic control radar). DFS is mandatory for many channels in the 5GHz band in many countries. If you provide a channel in your wireless config that requires DFS according to your country regulations, the 5GHz radio device won't start up. You can check that with

iw reg get
If you provided DE as your country code (Germany), you'll notice that all channels in the 5GHz band require DFS, so you won't be able to use the 5GHz device with openwrt. A "workaround" is to choose another country such as FR, instead. This enables channels 36, 40, 44 and 48 at least. It is usually illegal to use a foreign country code. Note: The output of iw reg get gives you just the frequencies. Matching them to channels may be done via
iwlist wlan1 chan
or by refering to http://en.wikipedia.org/wiki/List_of_WLAN_channels#5.C2.A0GHz_.28802.11a.2Fh.2Fj.2Fn.2Fac.29.5B16.5D Adjust other wireless settings as appropriate.

AS OF 2014-04-23, THE 5 GHz WIRELESS INTERFACE WILL NOT COME UP UNLESS YOU CONFIGURE THE CHANNELS AS DESCRIBED ABOVE. See https://dev.openwrt.org/ticket/14867 for progress.

After saving your wireless config, execute this command to force the system to reread the configs and bring up the radios:

wifi

DFS on 5GHz

DFS is supported in AP / master mode in ath9k in Barrier Breaker (TODO: since svn ??? ). Patches for IBSS / Ad-Hoc mode were posted in linux-wireless mailing list: 2013-09-03 [PATCH 0/4] add IBSS-DFS support.

Output of iw phy <5ghz> info

		Frequencies:
			* 5180 MHz [36] (15.0 dBm)
			* 5200 MHz [40] (19.0 dBm)
			* 5220 MHz [44] (15.0 dBm)
			* 5240 MHz [48] (15.0 dBm)
			* 5260 MHz [52] (15.0 dBm) (radar detection)
			  DFS state: usable (for 2731982 sec)
			* 5280 MHz [56] (15.0 dBm) (radar detection)
			  DFS state: usable (for 2731982 sec)
			* 5300 MHz [60] (15.0 dBm) (radar detection)
			  DFS state: usable (for 2731982 sec)
			* 5320 MHz [64] (15.0 dBm) (radar detection)
			  DFS state: usable (for 2731982 sec)
			* 5500 MHz [100] (15.0 dBm) (radar detection)
			  DFS state: usable (for 2731982 sec)
			* 5520 MHz [104] (19.0 dBm) (radar detection)
			  DFS state: usable (for 2731982 sec)

Troubleshooting

Examples

Back to top

doc/uci/wireless.txt · Last modified: 2014/04/23 12:17 by timsmall