Differences

This shows you the differences between two versions of the page.

doc:uci:wireless [2013/11/01 21:21]
nbd clean up a few wifi config issues
doc:uci:wireless [2014/07/25 00:44] (current)
bdheaton WPA-Ent "auth" option doesn't list the required contents of the option to work with MS AD NPS servers using PEAP
Line 2: Line 2:
The wireless UCI configuration is located in ''/etc/config/wireless''. Learn about the entire [[doc:howto:wireless.overview|IEEE 802.11 "wireless" subsystem]]. The wireless UCI configuration is located in ''/etc/config/wireless''. Learn about the entire [[doc:howto:wireless.overview|IEEE 802.11 "wireless" subsystem]].
-| {{:meta:icons:tango:dialog-information.png?nolink}} | **''Note1:''** By default the wireless is **OFF**. You can turn it on in the ''/etc/config/wireless'' by changing ''disabled 1'' to ''disabled 0''\\ In UCI CLI you do this with: <code>uci set wireless.@wifi-device[0].disabled=0; uci commit wireless; wifi</code>  **''Note2:''** In case your image does not contain the driver for your wireless chipset, simply install them with ''[[doc:techref:opkg]]'' and proceed with [[#regenerate.configuration|Regenerate Configuration]]. |+| {{:meta:icons:tango:dialog-information.png?nolink}} | **''Note1:''** By default the wireless is **OFF**. You can turn it on in the ''/etc/config/wireless'' by changing ''disabled 1'' to ''disabled 0''\\ In UCI CLI you do this with: <code>uci set wireless.@wifi-device[0].disabled=0; uci commit wireless; wifi</code>  **''Note2:''** If your device contains multiple radios (e.g. some dual-band devices), then you'll need to enabled each device in-turn - list disabled devices with <code>uci show wireless | grep disabled</code> **''Note3:''** In case your image does not contain the driver for your wireless chipset, simply install them with ''[[doc:techref:opkg]]'' and proceed with [[#regenerate.configuration|Regenerate Configuration]]. |
Line 32: Line 32:
^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''type'' | string | yes | //(autodetected)// | The ''type'' is determined on firstboot during the initial radio device detection - it is usually not required to change it. Used values are ''broadcom'' on brcm-2.4, ''atheros'' for madwifi or ''mac80211'' for b43, ath5k and ath9k | +| ''type'' | string | yes | //(autodetected)// | The ''type'' is determined on firstboot during the initial radio device detection - it is usually not required to change it. Used values are ''broadcom'' on brcm47xx, or ''mac80211'' for b43, ath5k and ath9k | 
-| ''phy'' | string | no/yes | //(autodetected)// | Specifies the radio phy associated to this section, it is usually autodetected and should not be changed. By default openwrt uses ''macaddr'' to identify the radio (more precise) but you can use ''phy'' instead, to be more hardware independent.\\ :!: **This option is only used for type ''mac80211'' and ''madwifi'' (trunk)** +| ''phy'' | string | no/yes | //(autodetected)// | Specifies the radio phy associated to this section. If present, it is usually autodetected and should not be changed. | 
-| ''macaddr'' | MAC address | yes/no | //(autodetected)// | Specifies the radio adapter associated to this section, it is //not// used to change the device mac but to identify the underlying interface. The value is autodetected at first boot or when you use ''phy'' parameter. If you want a hardware independent config (to restore the config on many routers) you should use ''phy'' parameter instead of ''macaddr''.\\ :!: **This option is only used for type ''mac80211'' and ''madwifi'' (trunk)** |+| ''macaddr'' | MAC address | yes/no | //(autodetected)// | Specifies the radio adapter associated to this section, it is //not// used to change the device mac but to identify the underlying interface. |
| ''disabled'' | boolean | no | ''0'' | Disables the radio adapter if set to ''1''. Removing this option or setting it to ''0'' will enable the adapter | | ''disabled'' | boolean | no | ''0'' | Disables the radio adapter if set to ''1''. Removing this option or setting it to ''0'' will enable the adapter |
-| ''channel'' | integer or "auto" | yes | ''auto'' | Specifies the wireless channel to use. In station mode the value ''auto'' is allowed, in access point mode an actual channel number must be given +| ''channel'' | integer or "auto" | yes | ''auto'' | Specifies the wireless channel to use. | 
-| ''hwmode'' | string | no | //(driver default)// | Selects the wireless protocol to use, possible values are ''11b'', ''11bg'', ''11g'', ''11gdt'' (G + dynamic turbo, madwifi only), ''11gst'' (G turbo, broadcom only), ''11a'', ''11adt'' (A + dynamic turbo, madwifi only), ''11ast'' (A + static turbo, madwifi only), ''11fh'' (frequency hopping), ''11lrs'' (LRS mode, broadcom only), ''11ng'' (11N+11G, 2.4GHz, mac80211 only), ''11na'' (11N+11A, 5GHz, mac80211 only) or ''auto'' +| ''hwmode'' | string | no | //(driver default)// | Selects the wireless protocol to use, possible values are ''11b'', ''11g'', ''11a'', ''11ng'' (11N+11G, 2.4GHz, mac80211 only), ''11na'' (11N+11A, 5GHz, mac80211 only) | 
-| ''htmode'' | string | no | //(driver default)// | Specifies the channel width in ''11ng'' and ''11na'' mode, possible values are: ''HT20'' (single 20MHz channel), ''HT40-'' (2x 20MHz channels, primary/control channel is upper, secondary channel is below) or ''HT40+'' (2x 20MHz channels, primary/control channel is lower, secondary channel is above). Cf. [[doc/faq/faq.wireless#why.can.t.i.use.ht40.with.channel.11]]. \\ :!: **This option is only used for type ''mac80211''** |+| ''htmode'' | string | no | //(driver default)// | Specifies the channel width in 802.11n and 802.11ac mode, possible values are:\\ ''HT20'' (single 20MHz channel),\\ ''HT40-'' (2x 20MHz channels, primary/control channel is upper, secondary channel is below)\\ ''HT40+'' (2x 20MHz channels, primary/control channel is lower, secondary channel is above).\\ ''VHT20'' / ''VHT40'' / ''VHT80'' / ''VHT160'' (channel width in 802.11ac, extra channels are picked according to the specification) \\ Cf. [[doc/faq/faq.wireless#why.can.t.i.use.ht40.with.channel.11]] and [[http://hostap.epitest.fi/cgit/hostap/tree/hostapd/hostapd.conf]] (search for HT40) in the web page. \\ :!: **This option is only used for type ''mac80211''** |
| ''chanbw'' | integer | no | 20 | Specifies a narrow channel width, possible values are: ''5'' (5MHz channel), ''10'' (10MHz channel) or ''20'' (20MHz channel). \\ :!: **Only supported by the ''ath9k''/''ath5k'' driver (since Attitude Adjustment)** | | ''chanbw'' | integer | no | 20 | Specifies a narrow channel width, possible values are: ''5'' (5MHz channel), ''10'' (10MHz channel) or ''20'' (20MHz channel). \\ :!: **Only supported by the ''ath9k''/''ath5k'' driver (since Attitude Adjustment)** |
-| ''ht_capab'' | string | no | //(driver default)// | Specifies the available capabilities of the radio. The values are autodetected.\\ :!: **This option is only used for type ''mac80211''** |+| ''ht_capab'' | string | no | //(driver default)// | Specifies the available capabilities of the radio. The values are autodetected.  See [[http://hostap.epitest.fi/cgit/hostap/tree/hostapd/hostapd.conf]] for options (search for ht_capab in web page). \\ :!: **This option is only used for type ''mac80211''** |
| ''txpower'' | integer | no | //(driver default)// | Specifies the //transmission power in dBm// | | ''txpower'' | integer | no | //(driver default)// | Specifies the //transmission power in dBm// |
| ''diversity'' | boolean | no | ''1'' | Enables or disables the automatic antenna selection by the driver | | ''diversity'' | boolean | no | ''1'' | Enables or disables the automatic antenna selection by the driver |
Line 52: Line 52:
| ''beacon_int'' | integer | no | //100 (hostapd default)// | Set the beacon interval. This is the time interval between beacon frames, measured in units of 1.024 ms. hostapd permits this to be set between 15 and 65535. This option only has an effect on ''ap'' and ''adhoc'' wifi-ifaces. \\ :!: **Only supported by ''mac80211'' (in trunk)** | | ''beacon_int'' | integer | no | //100 (hostapd default)// | Set the beacon interval. This is the time interval between beacon frames, measured in units of 1.024 ms. hostapd permits this to be set between 15 and 65535. This option only has an effect on ''ap'' and ''adhoc'' wifi-ifaces. \\ :!: **Only supported by ''mac80211'' (in trunk)** |
| ''basic_rate'' | list | no | //(hostapd/driver default)// | Set the supported basic rates. Each basic_rate is measured in kb/s. This option only has an effect on ''ap'' and ''adhoc'' wifi-ifaces. \\ :!: **Only supported by ''mac80211'' (in trunk)** | | ''basic_rate'' | list | no | //(hostapd/driver default)// | Set the supported basic rates. Each basic_rate is measured in kb/s. This option only has an effect on ''ap'' and ''adhoc'' wifi-ifaces. \\ :!: **Only supported by ''mac80211'' (in trunk)** |
 +| ''require_mode'' | string | no | //none// | (AP mode) Set the minimum mode that connecting clients need to support to be allowed to connect. Supported values: g = 802.11g, n = 802.11n, ac = 802.11ac |
| ''log_level'' | integer | no | 2 | Set the log_level. Supported levels are: 0 = verbose debugging, 1 = debugging, 2 = informational messages, 3 = notification, 4 = warning | | ''log_level'' | integer | no | 2 | Set the log_level. Supported levels are: 0 = verbose debugging, 1 = debugging, 2 = informational messages, 3 = notification, 4 = warning |
Line 205: Line 206:
| ''acct_secret'' | //(none)// | Shared accounting RADIUS secret | | ''acct_secret'' | //(none)// | Shared accounting RADIUS secret |
| ''nasid'' | //(none)// | NAS ID to use for RADIUS authentication requests | | ''nasid'' | //(none)// | NAS ID to use for RADIUS authentication requests |
 +| ''ownip'' | //(none)// | NAS IP Address to use for RADIUS authentication requests - introduced in [[https://dev.openwrt.org/changeset/40934/trunk|r40934]] |
| ''dae_client'' | //(none)// | Dynamic Authorization Extension client. This client can send "Disconnect-Request" or "CoA-Request" packets to forcibly disconnect a client or change connection parameters. | | ''dae_client'' | //(none)// | Dynamic Authorization Extension client. This client can send "Disconnect-Request" or "CoA-Request" packets to forcibly disconnect a client or change connection parameters. |
| ''dae_port'' | ''3799'' | Port the Dynamic Authorization Extension server listens on. | | ''dae_port'' | ''3799'' | Port the Dynamic Authorization Extension server listens on. |
Line 219: Line 221:
^ Name ^ Default ^ Description ^ ^ Name ^ Default ^ Description ^
| ''eap_type'' | //(none)// | Defines the EAP protocol to use, possible values are ''tls'' for EAP-TLS and ''peap'' or ''ttls'' for EAP-PEAP | | ''eap_type'' | //(none)// | Defines the EAP protocol to use, possible values are ''tls'' for EAP-TLS and ''peap'' or ''ttls'' for EAP-PEAP |
-| ''auth'' | ''MSCHAPV2'' | Defines the phase 2 authentication method to use, only applicable if ''eap_type'' is ''peap'' or ''ttls'' |+| ''auth'' | ''MSCHAPV2'' | PAP/MSCHAPV2 - Defines the phase 2 (inner) authentication method to use, only applicable if ''eap_type'' is ''peap'' or ''ttls'' |
| ''identity'' | //(none)// | EAP identity to send during authentication | | ''identity'' | //(none)// | EAP identity to send during authentication |
| ''password'' | //(none)// | Password to send during EAP authentication | | ''password'' | //(none)// | Password to send during EAP authentication |
Line 226: Line 228:
| ''priv_key'' | //(none)// | Specifies the path to the private key file used for authentication, only applicable if ''eap_type'' is set to ''tls'' | | ''priv_key'' | //(none)// | Specifies the path to the private key file used for authentication, only applicable if ''eap_type'' is set to ''tls'' |
| ''priv_key_pwd'' | //(none)// | Password to unlock the private key file, only works in conjunction with ''priv_key'' | | ''priv_key_pwd'' | //(none)// | Password to unlock the private key file, only works in conjunction with ''priv_key'' |
 +:!: When using WPA Enterprise type PEAP with Active Directory Servers, the "auth" option must be set to "auth=MSCHAPV2" 
 +<code> 
 +    option auth 'auth=MSCHAPV2' 
 +</code>
=== WPS Options === === WPS Options ===
Line 236: Line 241:
:!: WPS is possible only when encryption PSK is selected. :!: WPS is possible only when encryption PSK is selected.
-:!: Some package is not correctly generated and ''hostapd_cli'' doesn't support command ''wps_pbc''.  See this [[https://forum.openwrt.org/viewtopic.php?id=30882|thread]] for further details.\\ //Fixed with [[https://dev.openwrt.org/changeset/33393|changeset 33393]].//+:!: Some package is not correctly generated and ''hostapd_cli'' doesn't support command ''wps_pushbutton''.  See this [[https://forum.openwrt.org/viewtopic.php?id=30882|thread]] for further details.\\ //Fixed with [[https://dev.openwrt.org/changeset/33393|changeset 33393]].//
^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
Line 244: Line 249:
| ''wps_label'' | boolean | no | ''0'' | Enable //label// configuration method. | | ''wps_label'' | boolean | no | ''0'' | Enable //label// configuration method. |
| ''wps_manufacturer'' | string | no | ''openwrt.org'' | The manufacturer of the device (up to 64 ASCII characters). | | ''wps_manufacturer'' | string | no | ''openwrt.org'' | The manufacturer of the device (up to 64 ASCII characters). |
-| ''wps_pbc'' | boolean | no | ''0'' | Enable //push-button// configuration method. |+| ''wps_pushbutton'' | boolean | no | ''0'' | Enable //push-button// configuration method. | 
 + 
 +Minimal steps needed to get WPS running: 
 + 
 +  * Add ''option wps_pushbutton '1' '' to a ''config wifi-iface'' section that is configured for WPA2-PSK 
 +  * opkg update 
 +  * opkg remove wpad-mini 
 +  * opkg install wpad hostapd-utils 
 +  * reboot
===== Configuring Encryption ===== ===== Configuring Encryption =====
Line 267: Line 280:
''wifi detect'' gives UCI configuration entries for all installed interfaces that do not have UCI entries in ''/etc/config/wireless''. So you can remove ''/etc/config/wireless'' and run the above again to reset your wifi configuration. ''wifi detect'' gives UCI configuration entries for all installed interfaces that do not have UCI entries in ''/etc/config/wireless''. So you can remove ''/etc/config/wireless'' and run the above again to reset your wifi configuration.
-===== 40 MHz channel (300 Mbps) ===== +===== 40 MHz channel width (up to 300 Mbps) for 802.11n devices ONLY ===== 
-Stuck at 130Mbps? Get 300Mbps! Note: this violates regulatory requirements.+The default max channel with of 20MHz supports a max speed of 130Mbps. Increasing this to 40MHz will increase the maximum theoretical speed to 300Mbps. 
 + 
 +The catch is that in areas with a lot of wifi traffic (and Bluetooth etc. which share the same radio frequencies), 40MHz may decrease your overall speed.  Devices **should** detect interference when using 40MHz , and drop back to 20MHz.  YMMV.
Edit the file /etc/config/wireless, and restart the wifi AP by executing the following commands... Edit the file /etc/config/wireless, and restart the wifi AP by executing the following commands...
    uci set wireless.radio0.htmode=HT40+  # or: HT40- if using channel 11     uci set wireless.radio0.htmode=HT40+  # or: HT40- if using channel 11
-    uci set wireless.radio0.noscan=1 
    uci commit wireless; wifi     uci commit wireless; wifi
Note that option 'htmode' should be set to either HT40+ (for channels 1-7) or HT40- (for channels 5-11). You have to use WPA2 encryption with AES. Note that option 'htmode' should be set to either HT40+ (for channels 1-7) or HT40- (for channels 5-11). You have to use WPA2 encryption with AES.
-===== Notes ===== +For an explanation of the HT40+ vs. HT40- options, and other related information (e.g. for use of 5GHz band channels) see: [[http://hostap.epitest.fi/cgit/hostap/tree/hostapd/hostapd.conf]]. 
-Currently, many members of the mac80211 family of wifi drivers do not support DFS. However, DFS is mandatory for many channels in the 5GHz band. If you provide a channel in your wireless config that requires DFS according to your country regulations, the radio1 device won't start up. + 
-You can check that with <code bash>iw reg get</code> +===== DFS / Radar Detection ===== 
-If you provided DE as your country code (Germany), you'll notice that all channels in the 5GHz band require DFS, so you won't be able to use the radio1 device. A workaround is to choose FR, instead. This enables channels 36, 40, 44 and 48 at least. However, it might be illegal to use a foreign country code+In many countries, operating WiFi devices in the 5GHz band requires radar detection and DFS ([[http://wifi-insider.com/wlan/dfs.htm|explanation)]]. More technical details of the Linux implementation can be found at [[http://wireless.kernel.org/en/developers/DFS]].  
-Note: The output of iw reg get gives you just the frequences. Matching them to channels may be done via <code bash>iwlist wlan1 chan</code> + 
-Adjust other wireless settings as appropriate.+DFS works roughly as follows in Linux: The driver (e.g. ath9k) detects radar pulses and reports this to nl80211 where the information is processed. If a series of pulses matches one of the defined radar patterns, this will be reported to user space application (hostapd) which in turn reacts by switching to another channel. 
 + 
 +As of July 2014, DFS and radar detection are supported in OpenWRT trunk (Barrier Braker). Both features are not supported in currect stable release (Attitude Adjustment). 
 + 
 +Currently, many members of the mac80211 family of WiFi drivers do support radar detection. DFS is mandatory for most channels in the 5GHz band (exception: indoor-only channels) in many countries. If you define a channel in your wireless config that requires DFS according to your country regulations, the 5GHz radio device won't start up if you run an OpenWRT version that lacks DFS support or if your system is not configured properly. 
 + 
 +You can check the coutry (regulatory domain) your WiFi card thinks it must conform to with <code bash>iw reg get</code> 
 + 
 +If you compile OpenWRT yourself, you need to set  
 + <code>CONFIG_PACKAGE_ATH_DFS=y</code> 
 +to enable DFS support. Without it, DFS-requiring channels cannot be used.  
 +At least for ath9k driver you also need to set 
 + <code>CONFIG_ATH_USER_REGD=y</code> 
 +whereas this option must not be set when using ath10k driver due to a bug (see [[http://wireless.kernel.org/en/users/Drivers/ath10k]] -> Limitations 3/3 ).
-*AS OF 2010-01-11, THE 5 GHZ WIRELESS INTERFACE WILL NOT COME UP UNLESS YOU SET THE COUNTRY CODE AND CHANNELS AS DESCRIBED ABOVE.*+Now the following configuration selects channel 104 which needs DFS support as implicitly stated with country code DE: 
 +<code> 
 +config wifi-device  radio0 
 + option type    mac80211 
 + option channel  104 
 + option hwmode 11a 
 + option path 'pci0000:00/0000:00:00.0' 
 + option htmode HT20 
 + option country 'DE'
-After saving your wireless config, execute this command to force the system to reread the configs and bring up the radios: +config wifi-iface 
-<code>wifi</code>+ option device  radio0 
 + option network  lan 
 + option mode    ap 
 + option ssid    OpenWrt 
 + option encryption none 
 +</code>
-==== DFS on 5GHz ====+==== DFS for IBSS / Ad-Hoc Mode ====
DFS is supported in AP / master mode in ath9k in Barrier Breaker (TODO: since svn ??? ). DFS is supported in AP / master mode in ath9k in Barrier Breaker (TODO: since svn ??? ).

Back to top

doc/uci/wireless.1383337298.txt.bz2 · Last modified: 2013/11/01 21:21 by nbd