Differences

This shows you the differences between two versions of the page.

doc:uci:wireless [2012/11/22 15:04]
the2masters document log_level option
doc:uci:wireless [2014/07/25 00:44] (current)
bdheaton WPA-Ent "auth" option doesn't list the required contents of the option to work with MS AD NPS servers using PEAP
Line 2: Line 2:
The wireless UCI configuration is located in ''/etc/config/wireless''. Learn about the entire [[doc:howto:wireless.overview|IEEE 802.11 "wireless" subsystem]]. The wireless UCI configuration is located in ''/etc/config/wireless''. Learn about the entire [[doc:howto:wireless.overview|IEEE 802.11 "wireless" subsystem]].
-| {{:meta:icons:tango:dialog-information.png?nolink}} | **''Note1:''** By default the wireless is **OFF**. You can turn it on in the ''/etc/config/wireless'' by changing ''disabled 1'' to ''disabled 0''\\ In UCI CLI you do this with: <code>uci set wireless.@wifi-device[0].disabled=0; uci commit wireless; wifi</code>  **''Note2:''** In case your image does not contain the driver for your wireless chipset, simply install them with ''[[doc:techref:opkg]]'' and proceed with [[#regenerate.configuration|Regenerate Configuration]]. |+| {{:meta:icons:tango:dialog-information.png?nolink}} | **''Note1:''** By default the wireless is **OFF**. You can turn it on in the ''/etc/config/wireless'' by changing ''disabled 1'' to ''disabled 0''\\ In UCI CLI you do this with: <code>uci set wireless.@wifi-device[0].disabled=0; uci commit wireless; wifi</code>  **''Note2:''** If your device contains multiple radios (e.g. some dual-band devices), then you'll need to enabled each device in-turn - list disabled devices with <code>uci show wireless | grep disabled</code> **''Note3:''** In case your image does not contain the driver for your wireless chipset, simply install them with ''[[doc:techref:opkg]]'' and proceed with [[#regenerate.configuration|Regenerate Configuration]]. |
Line 11: Line 11:
==== Wifi Devices ==== ==== Wifi Devices ====
-The ''wifi-device'' refer to physical radio devices present on the system. The options present in this section describe properties common accross all wireless networks on this radio interface, such as channel or antenna selection.+The ''wifi-device'' refer to physical radio devices present on the system. The options present in this section describe properties common across all wireless networks on this radio interface, such as channel or antenna selection.
In most cases there is only one radio adapter present on the device, so only one such section is defined, however on multi-radio hardware there may be multiple ''wifi-device'' sections - each referring to a different adapter. In most cases there is only one radio adapter present on the device, so only one such section is defined, however on multi-radio hardware there may be multiple ''wifi-device'' sections - each referring to a different adapter.
Line 32: Line 32:
^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''type'' | string | yes | //(autodetected)// | The ''type'' is determined on firstboot during the initial radio device detection - it is usually not required to change it. Used values are ''broadcom'' on brcm-2.4, ''atheros'' for madwifi or ''mac80211'' for b43, ath5k and ath9k | +| ''type'' | string | yes | //(autodetected)// | The ''type'' is determined on firstboot during the initial radio device detection - it is usually not required to change it. Used values are ''broadcom'' on brcm47xx, or ''mac80211'' for b43, ath5k and ath9k | 
-| ''phy'' | string | no/yes | //(autodetected)// | Specifies the radio phy associated to this section, it is usally autodetected and should not be changed. By default openwrt uses ''macaddr'' to identify the radio (more precise) but you can use ''phy'' instead, to be more hardware independant.\\ :!: **This option is only used for type ''mac80211'' and ''madwifi'' (trunk)** +| ''phy'' | string | no/yes | //(autodetected)// | Specifies the radio phy associated to this section. If present, it is usually autodetected and should not be changed. | 
-| ''macaddr'' | MAC address | yes/no | //(autodetected)// | Specifies the radio adapter associated to this section, it is //not// used to change the device mac but to identify the underlying interface. The value is autodetected at first boot or when you use ''phy'' parameter. If you wan't an hardware independant config (to restore the config on many routers) you should use ''phy'' parameter instead of ''macaddr''.\\ :!: **This option is only used for type ''mac80211'' and ''madwifi'' (trunk)** +| ''macaddr'' | MAC address | yes/no | //(autodetected)// | Specifies the radio adapter associated to this section, it is //not// used to change the device mac but to identify the underlying interface. | 
-| ''disabled'' | boolean | no | ''1'' | Disables the radio adapter if set to ''1''. Removing this option or setting it to ''0'' will enable the adapter | +| ''disabled'' | boolean | no | ''0'' | Disables the radio adapter if set to ''1''. Removing this option or setting it to ''0'' will enable the adapter | 
-| ''channel'' | integer or "auto" | yes | ''auto'' | Specifies the wireless channel to use. In station mode the value ''auto'' is allowed, in access point mode an actual channel number must be given +| ''channel'' | integer or "auto" | yes | ''auto'' | Specifies the wireless channel to use. | 
-| ''hwmode'' | string | no | //(driver default)// | Selects the wireless protocol to use, possible values are ''11b'', ''11bg'', ''11g'', ''11gdt'' (G + dynamic turbo, madwifi only), ''11gst'' (G turbo, broadcom only), ''11a'', ''11adt'' (A + dynamic turbo, madwifi only), ''11ast'' (A + static turbo, madwifi only), ''11fh'' (frequency hopping), ''11lrs'' (LRS mode, broadcom only), ''11ng'' (11N+11G, 2.4GHz, mac80211 only), ''11na'' (11N+11A, 5GHz, mac80211 only) or ''auto'' +| ''hwmode'' | string | no | //(driver default)// | Selects the wireless protocol to use, possible values are ''11b'', ''11g'', ''11a'', ''11ng'' (11N+11G, 2.4GHz, mac80211 only), ''11na'' (11N+11A, 5GHz, mac80211 only) | 
-| ''htmode'' | string | no | //(driver default)// | Specifies the channel width in ''11ng'' and ''11na'' mode, possible values are: ''HT20'' (single 20MHz channel), ''HT40-'' (2x 20MHz channels, primary/control channel is upper, secondary channel is below) or ''HT40+'' (2x 20MHz channels, primary/control channel is lower, secondary channel is above). Cf. [[doc/faq/faq.wireless#why.can.t.i.use.ht40.with.channel.11]]. \\ :!: **This option is only used for type ''mac80211''** |+| ''htmode'' | string | no | //(driver default)// | Specifies the channel width in 802.11n and 802.11ac mode, possible values are:\\ ''HT20'' (single 20MHz channel),\\ ''HT40-'' (2x 20MHz channels, primary/control channel is upper, secondary channel is below)\\ ''HT40+'' (2x 20MHz channels, primary/control channel is lower, secondary channel is above).\\ ''VHT20'' / ''VHT40'' / ''VHT80'' / ''VHT160'' (channel width in 802.11ac, extra channels are picked according to the specification) \\ Cf. [[doc/faq/faq.wireless#why.can.t.i.use.ht40.with.channel.11]] and [[http://hostap.epitest.fi/cgit/hostap/tree/hostapd/hostapd.conf]] (search for HT40) in the web page. \\ :!: **This option is only used for type ''mac80211''** |
| ''chanbw'' | integer | no | 20 | Specifies a narrow channel width, possible values are: ''5'' (5MHz channel), ''10'' (10MHz channel) or ''20'' (20MHz channel). \\ :!: **Only supported by the ''ath9k''/''ath5k'' driver (since Attitude Adjustment)** | | ''chanbw'' | integer | no | 20 | Specifies a narrow channel width, possible values are: ''5'' (5MHz channel), ''10'' (10MHz channel) or ''20'' (20MHz channel). \\ :!: **Only supported by the ''ath9k''/''ath5k'' driver (since Attitude Adjustment)** |
-| ''ht_capab'' | string | no | //(driver default)// | Specifies the available capabilities of the radio. The values are autodetected.\\ :!: **This option is only used for type ''mac80211''** |+| ''ht_capab'' | string | no | //(driver default)// | Specifies the available capabilities of the radio. The values are autodetected.  See [[http://hostap.epitest.fi/cgit/hostap/tree/hostapd/hostapd.conf]] for options (search for ht_capab in web page). \\ :!: **This option is only used for type ''mac80211''** |
| ''txpower'' | integer | no | //(driver default)// | Specifies the //transmission power in dBm// | | ''txpower'' | integer | no | //(driver default)// | Specifies the //transmission power in dBm// |
| ''diversity'' | boolean | no | ''1'' | Enables or disables the automatic antenna selection by the driver | | ''diversity'' | boolean | no | ''1'' | Enables or disables the automatic antenna selection by the driver |
Line 46: Line 46:
| ''txantenna'' | integer | no | //(driver default)// | Specifies the //antenna for transmitting//, values are identical to ''rxantenna'' | | ''txantenna'' | integer | no | //(driver default)// | Specifies the //antenna for transmitting//, values are identical to ''rxantenna'' |
| ''antenna'' | string | no | //(driver default)//| Selects the antenna, possible values are ''vertical'' for internal vertical polarization, ''horizontal'' for internal horizontal polarization or ''external'' to use the external antenna connector\\ :!: **Only used on the [[toh:ubiquiti::nanostation|Ubiquiti NanoStation]] device family instead of the rxantenna/txantenna settings.** | | ''antenna'' | string | no | //(driver default)//| Selects the antenna, possible values are ''vertical'' for internal vertical polarization, ''horizontal'' for internal horizontal polarization or ''external'' to use the external antenna connector\\ :!: **Only used on the [[toh:ubiquiti::nanostation|Ubiquiti NanoStation]] device family instead of the rxantenna/txantenna settings.** |
-| ''macfilter'' | string | no | ''disable'' | Specifies the //mac filter policy//, ''disable'' to disable the filter, ''allow'' to treat it as whitelist or ''deny'' to treat it as blacklist.\\ :!: **Supported for the ''mac80211'' since [[https://dev.openwrt.org/changeset/25105/trunk|r25105]]** | +| ''country'' | varies | no | //(driver default)// | Specifies the country code, affects the available channels and transmission powers. For type ''broadcom'' a two letter country code is used (''EN'' or ''DE''). The ''madwifi'' driver expects a numeric code.
-| ''maclist'' | list of MAC addresses | no | //(none)// | List of MAC addresses to put into the mac filter.\\ :!: **Supported for the ''mac80211'' since [[https://dev.openwrt.org/changeset/25105/trunk|r25105]]** | +| ''country_ie'' | boolean | no | 1 if ''country'' is set, otherwise 0 | Enables IEEE 802.11d country IE (information element) advertisement in beacon and probe response frames. This IE contains the country code and channel/power map. Requires ''country''. |
-| ''country'' | varies | no | //(driver default)// | Specifies the country code, affects the available channels and transmission powers. For type ''broadcom'' a two letter country code is used (''EN'' or ''DE''). The ''madwifi'' driver expects a numeric code.\\ :!: **Not supported for the ''mac80211'' type yet (supported in trunk)** |+
| ''distance'' | integer | no | //(driver default)// | Distance between the ap and the furthest client in meters .\\ :!: **Only supported by ''madwifi'',  and the ''mac80211'' type (in trunk)**| | ''distance'' | integer | no | //(driver default)// | Distance between the ap and the furthest client in meters .\\ :!: **Only supported by ''madwifi'',  and the ''mac80211'' type (in trunk)**|
| ''noscan'' | boolean | no | ''0'' | Do not scan for overlapping BSSs in HT40+/- mode.\\ :!: **Only supported by ''mac80211''** \\ :!: **Turning this on will violate regulatory requirements!** | | ''noscan'' | boolean | no | ''0'' | Do not scan for overlapping BSSs in HT40+/- mode.\\ :!: **Only supported by ''mac80211''** \\ :!: **Turning this on will violate regulatory requirements!** |
| ''beacon_int'' | integer | no | //100 (hostapd default)// | Set the beacon interval. This is the time interval between beacon frames, measured in units of 1.024 ms. hostapd permits this to be set between 15 and 65535. This option only has an effect on ''ap'' and ''adhoc'' wifi-ifaces. \\ :!: **Only supported by ''mac80211'' (in trunk)** | | ''beacon_int'' | integer | no | //100 (hostapd default)// | Set the beacon interval. This is the time interval between beacon frames, measured in units of 1.024 ms. hostapd permits this to be set between 15 and 65535. This option only has an effect on ''ap'' and ''adhoc'' wifi-ifaces. \\ :!: **Only supported by ''mac80211'' (in trunk)** |
| ''basic_rate'' | list | no | //(hostapd/driver default)// | Set the supported basic rates. Each basic_rate is measured in kb/s. This option only has an effect on ''ap'' and ''adhoc'' wifi-ifaces. \\ :!: **Only supported by ''mac80211'' (in trunk)** | | ''basic_rate'' | list | no | //(hostapd/driver default)// | Set the supported basic rates. Each basic_rate is measured in kb/s. This option only has an effect on ''ap'' and ''adhoc'' wifi-ifaces. \\ :!: **Only supported by ''mac80211'' (in trunk)** |
 +| ''require_mode'' | string | no | //none// | (AP mode) Set the minimum mode that connecting clients need to support to be allowed to connect. Supported values: g = 802.11g, n = 802.11n, ac = 802.11ac |
| ''log_level'' | integer | no | 2 | Set the log_level. Supported levels are: 0 = verbose debugging, 1 = debugging, 2 = informational messages, 3 = notification, 4 = warning | | ''log_level'' | integer | no | 2 | Set the log_level. Supported levels are: 0 = verbose debugging, 1 = debugging, 2 = informational messages, 3 = notification, 4 = warning |
Line 105: Line 105:
^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''device'' | string | yes | //(first device id)// | Specifies the used wireless adapter, must refer to one of the defined ''wifi-device'' sections | | ''device'' | string | yes | //(first device id)// | Specifies the used wireless adapter, must refer to one of the defined ''wifi-device'' sections |
-| ''mode'' | string | yes | ''ap'' | Selects the //operation mode// of the wireless network, ''ap'' for Access Point, ''sta'' for managed (client) mode, ''adhoc'' for Ad-Hoc, ''wds'' for static WDS and ''monitor'' for monitor mode, ''mesh'' for 802.11s mesh mode \\ :!: **''mesh'' mode only supported by ''mac80211'' (in trunk)**|+| ''mode'' | string | yes | ''ap'' | Selects the //[[http://wireless.kernel.org/en/users/Documentation/modes|operation mode]]// of the wireless network interface controller (some are supported simultaneously by some drivers):\\ ''ap'' for Access Point,\\ ''sta'' for managed (client) mode,\\ ''adhoc'' for Ad-Hoc,\\ ''wds'' for static WDS, \\ ''monitor'' for monitor mode,\\ ''mesh'' for [[wp>IEEE 802.11s]] mesh mode\\ :!: **''mesh'' mode only supported by ''mac80211'' (in trunk)**|
| ''disabled'' | boolean | no | ''1'' | When set to 1, wireless network is disabled. | | ''disabled'' | boolean | no | ''1'' | When set to 1, wireless network is disabled. |
-| ''ssid'' | string | yes | ''OpenWrt'' | The broadcasted SSID of the wireless network |+| ''ssid'' | string | yes | ''OpenWrt'' | The broadcasted SSID of the wireless network (for managed mode the SSID of the network you're connecting to) |
| ''bssid'' | BSSID address | no | //(driver default)// | Override the BSSID of the network, only applicable in ''adhoc'' or ''sta'' mode. In ''wds'' mode specifies the BSSID of another AP to create WDS with. | | ''bssid'' | BSSID address | no | //(driver default)// | Override the BSSID of the network, only applicable in ''adhoc'' or ''sta'' mode. In ''wds'' mode specifies the BSSID of another AP to create WDS with. |
| ''mesh_id'' | Mesh ID | no | none | The Mesh ID as defined in IEEE 802.11s.  If set, the wireless interface will join this mesh network when brought up.  If not, it is necessary to invoke ''iw <iface> mesh join <mesh_id>'' to join a mesh after the interface is brought up. \\ :!: **Only supported by ''mac80211'' (in trunk)**| | ''mesh_id'' | Mesh ID | no | none | The Mesh ID as defined in IEEE 802.11s.  If set, the wireless interface will join this mesh network when brought up.  If not, it is necessary to invoke ''iw <iface> mesh join <mesh_id>'' to join a mesh after the interface is brought up. \\ :!: **Only supported by ''mac80211'' (in trunk)**|
Line 121: Line 121:
| ''key3'' | string | no | //(none)// | WEP passphrase or key #3 (selected by the index in ''key''), as in ''key1''. | | ''key3'' | string | no | //(none)// | WEP passphrase or key #3 (selected by the index in ''key''), as in ''key1''. |
| ''key4'' | string | no | //(none)// | WEP passphrase or key #4 (selected by the index in ''key''), as in ''key1''. | | ''key4'' | string | no | //(none)// | WEP passphrase or key #4 (selected by the index in ''key''), as in ''key1''. |
-| ''iapp_interface'' | string | no | //(none)// | specify an //[[doc:uci:network#interfaces|interface]]// which used for 802.11f (IAPP) - only enabled when defined. |+| ''macfilter'' | string | no | ''disable'' | Specifies the //mac filter policy//, ''disable'' to disable the filter, ''allow'' to treat it as whitelist or ''deny'' to treat it as blacklist.\\ :!: **Supported for the ''mac80211'' since [[https://dev.openwrt.org/changeset/25105/trunk|r25105]]** | 
 +| ''maclist'' | list of MAC addresses | no | //(none)// | List of MAC addresses (divided by spaces) to put into the mac filter. | 
 +| ''iapp_interface'' | string | no | //(none)// | Specifies a [[doc:uci:network#interfaces|network interface]] to be used for 802.11f (IAPP) - only enabled when defined. |
| ''rsn_preauth'' | boolean | no | ''0'' | Allow preauthentication for WPA2-EAP networks (and advertise it in WLAN beacons). Only works if the specified network interface is a bridge. | | ''rsn_preauth'' | boolean | no | ''0'' | Allow preauthentication for WPA2-EAP networks (and advertise it in WLAN beacons). Only works if the specified network interface is a bridge. |
-| ''ieee80211d'' | integer | no | ''0'' | Enables IEEE 802.11d country IE (information element) advertisement in beacon and probe response frames. This IE contains the country code and channel/power map. Requires ''country''. | 
| ''ieee80211w'' | integer | no | ''0'' | Enables MFP (802.11w) support (0 = disabled, 1 = optional, 2 = required).\\ :!: **Only supported by the ''ath9k'' driver (in trunk)**| | ''ieee80211w'' | integer | no | ''0'' | Enables MFP (802.11w) support (0 = disabled, 1 = optional, 2 = required).\\ :!: **Only supported by the ''ath9k'' driver (in trunk)**|
| ''ieee80211w_max_timeout'' | integer | no | //(hostapd default)// | Specifies the 802.11w Association SA Query maximum timeout.\\ :!: **Only supported by the ''ath9k'' driver (in trunk)** | | ''ieee80211w_max_timeout'' | integer | no | //(hostapd default)// | Specifies the 802.11w Association SA Query maximum timeout.\\ :!: **Only supported by the ''ath9k'' driver (in trunk)** |
Line 130: Line 131:
| ''macaddr'' | mac address | no | //(hostapd/driver default)// | Overrides the MAC address used for the wifi interface. | | ''macaddr'' | mac address | no | //(hostapd/driver default)// | Overrides the MAC address used for the wifi interface. |
| ''dtim_period'' | integer | no | //2 (hostapd default)// | Set the DTIM (delivery traffic information message) period. There will be one DTIM per this many beacon frames. This may be set between 1 and 255. This option only has an effect on ''ap'' wifi-ifaces. \\ :!: **Only supported by ''mac80211'' (in trunk)** | | ''dtim_period'' | integer | no | //2 (hostapd default)// | Set the DTIM (delivery traffic information message) period. There will be one DTIM per this many beacon frames. This may be set between 1 and 255. This option only has an effect on ''ap'' wifi-ifaces. \\ :!: **Only supported by ''mac80211'' (in trunk)** |
 +| ''short_preamble'' | boolean | no | //1// | Set optional use of short preamble \\ :!: **Supported for the ''mac80211'' since [[https://dev.openwrt.org/changeset/35565/trunk|r35565]]** |
| ''max_listen_int'' | integer | no | //65535 (hostapd default)// | Set the maximum allowed STA (client) listen interval. Association will be refused if a STA attempts to associate with a listen interval greater than this value. This option only has an effect on ''ap'' wifi-ifaces. \\ :!: **Only supported by ''mac80211'' (in trunk)** | | ''max_listen_int'' | integer | no | //65535 (hostapd default)// | Set the maximum allowed STA (client) listen interval. Association will be refused if a STA attempts to associate with a listen interval greater than this value. This option only has an effect on ''ap'' wifi-ifaces. \\ :!: **Only supported by ''mac80211'' (in trunk)** |
| ''mcast_rate'' | integer | no | //(driver default)// | Sets the fixed multicast rate, measured in kb/s. \\ :!: **Only supported by ''madwifi'', and ''mac80211'' (for type ''adhoc'' in trunk)** | | ''mcast_rate'' | integer | no | //(driver default)// | Sets the fixed multicast rate, measured in kb/s. \\ :!: **Only supported by ''madwifi'', and ''mac80211'' (for type ''adhoc'' in trunk)** |
| :!: See the [[doc:uci:wireless#WPA.Modes|WPA tables]] below for a full listing of WPA related options used for WPA2 Enterprise (802.1x) ||||| | :!: See the [[doc:uci:wireless#WPA.Modes|WPA tables]] below for a full listing of WPA related options used for WPA2 Enterprise (802.1x) |||||
| :!: See the [[doc:uci:wireless#WPS.Options|WPS Options]] below for a full listing of //Wi-Fi Protected Setup// options. ||||| | :!: See the [[doc:uci:wireless#WPS.Options|WPS Options]] below for a full listing of //Wi-Fi Protected Setup// options. |||||
 +| ''wds'' | boolean | no | ''0'' | This sets [[http://wireless.kernel.org/en/users/Documentation/iw#Using_4-address_for_AP_and_client_mode|4-address mode]] |
=== Madwifi Options === === Madwifi Options ===
Line 163: Line 166:
Besides the WPA mode, the ''encryption'' option also specifies the group and peer ciphers to use. Besides the WPA mode, the ''encryption'' option also specifies the group and peer ciphers to use.
To override the cipher, the value of ''encryption'' must be given in the form ''mode+cipher''. To override the cipher, the value of ''encryption'' must be given in the form ''mode+cipher''.
-See the listing below for possible combinations.+See the listing below for possible combinations. If the ''hwmode'' of the interface is set to ''ng'' or ''na'', then the ''CCMP'' cipher is always added to the list.
^ Value ^ WPA Version ^ Ciphers ^ ^ Value ^ WPA Version ^ Ciphers ^
Line 203: Line 206:
| ''acct_secret'' | //(none)// | Shared accounting RADIUS secret | | ''acct_secret'' | //(none)// | Shared accounting RADIUS secret |
| ''nasid'' | //(none)// | NAS ID to use for RADIUS authentication requests | | ''nasid'' | //(none)// | NAS ID to use for RADIUS authentication requests |
 +| ''ownip'' | //(none)// | NAS IP Address to use for RADIUS authentication requests - introduced in [[https://dev.openwrt.org/changeset/40934/trunk|r40934]] |
 +| ''dae_client'' | //(none)// | Dynamic Authorization Extension client. This client can send "Disconnect-Request" or "CoA-Request" packets to forcibly disconnect a client or change connection parameters. |
 +| ''dae_port'' | ''3799'' | Port the Dynamic Authorization Extension server listens on. |
 +| ''dae_secret'' | //(none)// | Shared DAE secret. |
 +:!: The ''dae'' options were introduced in [[https://dev.openwrt.org/changeset/37734/trunk|r37734]]
 +
 +:!: To enable Dynamic Authorization Extensions, both ''dae_client'' and ''dae_secret'' must be set.
=== WPA Enterprise (Client) === === WPA Enterprise (Client) ===
Line 211: Line 221:
^ Name ^ Default ^ Description ^ ^ Name ^ Default ^ Description ^
| ''eap_type'' | //(none)// | Defines the EAP protocol to use, possible values are ''tls'' for EAP-TLS and ''peap'' or ''ttls'' for EAP-PEAP | | ''eap_type'' | //(none)// | Defines the EAP protocol to use, possible values are ''tls'' for EAP-TLS and ''peap'' or ''ttls'' for EAP-PEAP |
-| ''auth'' | ''MSCHAPV2'' | Defines the phase 2 authentication method to use, only applicable if ''eap_type'' is ''peap'' or ''ttls'' |+| ''auth'' | ''MSCHAPV2'' | PAP/MSCHAPV2 - Defines the phase 2 (inner) authentication method to use, only applicable if ''eap_type'' is ''peap'' or ''ttls'' |
| ''identity'' | //(none)// | EAP identity to send during authentication | | ''identity'' | //(none)// | EAP identity to send during authentication |
| ''password'' | //(none)// | Password to send during EAP authentication | | ''password'' | //(none)// | Password to send during EAP authentication |
Line 218: Line 228:
| ''priv_key'' | //(none)// | Specifies the path to the private key file used for authentication, only applicable if ''eap_type'' is set to ''tls'' | | ''priv_key'' | //(none)// | Specifies the path to the private key file used for authentication, only applicable if ''eap_type'' is set to ''tls'' |
| ''priv_key_pwd'' | //(none)// | Password to unlock the private key file, only works in conjunction with ''priv_key'' | | ''priv_key_pwd'' | //(none)// | Password to unlock the private key file, only works in conjunction with ''priv_key'' |
 +:!: When using WPA Enterprise type PEAP with Active Directory Servers, the "auth" option must be set to "auth=MSCHAPV2" 
 +<code> 
 +    option auth 'auth=MSCHAPV2' 
 +</code>
=== WPS Options === === WPS Options ===
Line 224: Line 237:
Listing of [[http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup|Wi-Fi Protected Setup]] related options. Listing of [[http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup|Wi-Fi Protected Setup]] related options.
-:!: Support for WPS is provided by packages ''wpad'' and ''hostapd-utils''. Default package ''wpad-mini'' is not enough.\\ //Fixed with [[https://dev.openwrt.org/changeset/33393|changeset 33393]].//+:!: Support for WPS is provided by packages ''wpad'' and ''hostapd-utils''. Default package ''wpad-mini'' is not enough.\\
:!: WPS is possible only when encryption PSK is selected. :!: WPS is possible only when encryption PSK is selected.
-:!: Some package is not correctly generated and ''hostapd_cli'' doesn't support command ''wps_pbc''.  See this [[https://forum.openwrt.org/viewtopic.php?id=30882|thread]] for further details.\\ //Fixed with [[https://dev.openwrt.org/changeset/33393|changeset 33393]].//+:!: Some package is not correctly generated and ''hostapd_cli'' doesn't support command ''wps_pushbutton''.  See this [[https://forum.openwrt.org/viewtopic.php?id=30882|thread]] for further details.\\ //Fixed with [[https://dev.openwrt.org/changeset/33393|changeset 33393]].//
^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
Line 236: Line 249:
| ''wps_label'' | boolean | no | ''0'' | Enable //label// configuration method. | | ''wps_label'' | boolean | no | ''0'' | Enable //label// configuration method. |
| ''wps_manufacturer'' | string | no | ''openwrt.org'' | The manufacturer of the device (up to 64 ASCII characters). | | ''wps_manufacturer'' | string | no | ''openwrt.org'' | The manufacturer of the device (up to 64 ASCII characters). |
-| ''wps_pbc'' | boolean | no | ''0'' | Enable //push-button// configuration method. |+| ''wps_pushbutton'' | boolean | no | ''0'' | Enable //push-button// configuration method. | 
 + 
 +Minimal steps needed to get WPS running: 
 + 
 +  * Add ''option wps_pushbutton '1' '' to a ''config wifi-iface'' section that is configured for WPA2-PSK 
 +  * opkg update 
 +  * opkg remove wpad-mini 
 +  * opkg install wpad hostapd-utils 
 +  * reboot
===== Configuring Encryption ===== ===== Configuring Encryption =====
Line 257: Line 278:
wifi detect > /etc/config/wireless'' | wifi detect > /etc/config/wireless'' |
-===== 40 MHz channel (300 Mbps) ===== +''wifi detect'' gives UCI configuration entries for all installed interfaces that do not have UCI entries in ''/etc/config/wireless''. So you can remove ''/etc/config/wireless'' and run the above again to reset your wifi configuration. 
-Stuck at 130Mbps? Get 300Mbps! Note: this violates regulatory requirements.+ 
 +===== 40 MHz channel width (up to 300 Mbps) for 802.11n devices ONLY ===== 
 +The default max channel with of 20MHz supports a max speed of 130Mbps. Increasing this to 40MHz will increase the maximum theoretical speed to 300Mbps. 
 + 
 +The catch is that in areas with a lot of wifi traffic (and Bluetooth etc. which share the same radio frequencies), 40MHz may decrease your overall speed.  Devices **should** detect interference when using 40MHz , and drop back to 20MHz.  YMMV.
Edit the file /etc/config/wireless, and restart the wifi AP by executing the following commands... Edit the file /etc/config/wireless, and restart the wifi AP by executing the following commands...
    uci set wireless.radio0.htmode=HT40+  # or: HT40- if using channel 11     uci set wireless.radio0.htmode=HT40+  # or: HT40- if using channel 11
-    uci set wireless.radio0.noscan=1 
    uci commit wireless; wifi     uci commit wireless; wifi
Note that option 'htmode' should be set to either HT40+ (for channels 1-7) or HT40- (for channels 5-11). You have to use WPA2 encryption with AES. Note that option 'htmode' should be set to either HT40+ (for channels 1-7) or HT40- (for channels 5-11). You have to use WPA2 encryption with AES.
-===== Notes ===== +For an explanation of the HT40+ vs. HT40- options, and other related information (e.g. for use of 5GHz band channels) see: [[http://hostap.epitest.fi/cgit/hostap/tree/hostapd/hostapd.conf]]. 
-Currently, the mac80211 family of wifi drivers does not support DFS. However, DFS is mandatory for many channels in the 5GHz band. If you provide a channel in your wireless config that requires DFS according to your country regulations, the radio1 device won't start up. + 
-You can check that with <code bash>iw reg get</code> +===== DFS / Radar Detection ===== 
-If you provided DE as your country code (Germany), you'll notice that all channels in the 5GHz band require DFS, so you won't be able to use the radio1 device. A workaround is to choose FR, instead. This enables channels 36, 40, 44 and 48 at least. However, it might be illegal to use a foreign country code+In many countries, operating WiFi devices in the 5GHz band requires radar detection and DFS ([[http://wifi-insider.com/wlan/dfs.htm|explanation)]]. More technical details of the Linux implementation can be found at [[http://wireless.kernel.org/en/developers/DFS]].  
-Note: The output of iw reg get gives you just the frequences. Matching them to channels may be done via <code bash>iwlist wlan1 chan</code> + 
-Adjust other wireless settings as appropriate.+DFS works roughly as follows in Linux: The driver (e.g. ath9k) detects radar pulses and reports this to nl80211 where the information is processed. If a series of pulses matches one of the defined radar patterns, this will be reported to user space application (hostapd) which in turn reacts by switching to another channel. 
 + 
 +As of July 2014, DFS and radar detection are supported in OpenWRT trunk (Barrier Braker). Both features are not supported in currect stable release (Attitude Adjustment). 
 + 
 +Currently, many members of the mac80211 family of WiFi drivers do support radar detection. DFS is mandatory for most channels in the 5GHz band (exception: indoor-only channels) in many countries. If you define a channel in your wireless config that requires DFS according to your country regulations, the 5GHz radio device won't start up if you run an OpenWRT version that lacks DFS support or if your system is not configured properly. 
 + 
 +You can check the coutry (regulatory domain) your WiFi card thinks it must conform to with <code bash>iw reg get</code> 
 + 
 +If you compile OpenWRT yourself, you need to set  
 + <code>CONFIG_PACKAGE_ATH_DFS=y</code> 
 +to enable DFS support. Without it, DFS-requiring channels cannot be used.  
 +At least for ath9k driver you also need to set 
 + <code>CONFIG_ATH_USER_REGD=y</code> 
 +whereas this option must not be set when using ath10k driver due to a bug (see [[http://wireless.kernel.org/en/users/Drivers/ath10k]] -> Limitations 3/3 ). 
 + 
 +Now the following configuration selects channel 104 which needs DFS support as implicitly stated with country code DE: 
 +<code> 
 +config wifi-device  radio0 
 + option type    mac80211 
 + option channel  104 
 + option hwmode 11a 
 + option path 'pci0000:00/0000:00:00.0' 
 + option htmode HT20 
 + option country 'DE' 
 + 
 +config wifi-iface 
 + option device  radio0 
 + option network  lan 
 + option mode    ap 
 + option ssid    OpenWrt 
 + option encryption none 
 +</code> 
 + 
 +==== DFS for IBSS / Ad-Hoc Mode ====
-*AS OF 2010-01-11, THE 5 GHZ WIRELESS INTERFACE WILL NOT COME UP UNLESS YOU SET THE COUNTRY CODE AND CHANNELS AS DESCRIBED ABOVE.*+DFS is supported in AP / master mode in ath9k in Barrier Breaker (TODO: since svn ??? ). 
 +Patches for IBSS / Ad-Hoc mode were posted in linux-wireless mailing list: [[http://marc.info/?l=linux-wireless&m=137823021907805&w=2|2013-09-03 [PATCH 0/4] add IBSS-DFS support]].
-After saving your wireless config, execute this command to force the system to reread the configs and bring up the radios: +Output of //iw phy <5ghz> info// 
-<code>wifi</code>+<code> 
 + Frequencies: 
 + * 5180 MHz [36] (15.0 dBm) 
 + * 5200 MHz [40] (19.0 dBm) 
 + * 5220 MHz [44] (15.0 dBm) 
 + * 5240 MHz [48] (15.0 dBm) 
 + * 5260 MHz [52] (15.0 dBm) (radar detection) 
 +   DFS state: usable (for 2731982 sec) 
 + * 5280 MHz [56] (15.0 dBm) (radar detection) 
 +   DFS state: usable (for 2731982 sec) 
 + * 5300 MHz [60] (15.0 dBm) (radar detection) 
 +   DFS state: usable (for 2731982 sec) 
 + * 5320 MHz [64] (15.0 dBm) (radar detection) 
 +   DFS state: usable (for 2731982 sec) 
 + * 5500 MHz [100] (15.0 dBm) (radar detection) 
 +   DFS state: usable (for 2731982 sec) 
 + * 5520 MHz [104] (19.0 dBm) (radar detection) 
 +   DFS state: usable (for 2731982 sec) 
 +</code>
===== Troubleshooting ===== ===== Troubleshooting =====

Back to top

doc/uci/wireless.1353593095.txt.bz2 · Last modified: 2012/11/22 15:04 by the2masters