update for rename of docs/user/DebugKernelCrashDumps.mdwn to docs/user/list/DebugKern...

[ikiwiki.git] / docs / handbook / handbook-network-wireless.mdwn

\r
\r
## 19.3 Wireless Networking \r
\r
***Written by Eric Anderson. ***\r
\r
### 19.3.1 Introduction \r
\r
It can be very useful to be able to use a computer without the annoyance of having a network cable attached at all times. DragonFly can be used as a wireless client, and even as a wireless ***access point***.\r
\r
### 19.3.2 Wireless Modes of Operation \r
\r
There are two different ways to configure 802.11 wireless devices: BSS and IBSS.\r
\r
#### 19.3.2.1 BSS Mode \r
\r
BSS mode is the mode that typically is used. BSS mode is also called infrastructure mode. In this mode, a number of wireless access points are connected to a wired network. Each wireless network has its own name. This name is called the SSID of the network.\r
\r
Wireless clients connect to these wireless access points. The IEEE 802.11 standard defines the protocol that wireless networks use to connect. A wireless client can be tied to a specific network, when a SSID is set. A wireless client can also attach to any network by not explicitly setting a SSID.\r
\r
#### 19.3.2.2 IBSS Mode \r
\r
IBSS mode, also called ad-hoc mode, is designed for point to point connections. There are actually two types of ad-hoc mode. One is IBSS mode, also called ad-hoc or IEEE ad-hoc mode. This mode is defined by the IEEE 802.11 standards. The second is called demo ad-hoc mode or Lucent ad-hoc mode (and sometimes, confusingly, ad-hoc mode). This is the old, pre-802.11 ad-hoc mode and should only be used for legacy installations. We will not cover either of the ad-hoc modes further.\r
\r
### 19.3.3 Infrastructure Mode \r
\r
#### 19.3.3.1 Access Points \r
\r
Access points are wireless networking devices that allow one or more wireless clients to use the device as a central hub. When using an access point, all clients communicate through the access point. Multiple access points are often used to cover a complete area such as a house, business, or park with a wireless network.\r
\r
Access points typically have multiple network connections: the wireless card, and one or more wired Ethernet adapters for connection to the rest of the network.\r
\r
Access points can either be purchased prebuilt, or you can build your own with DragonFly and a supported wireless card. Several vendors make wireless access points and wireless cards with various features.\r
\r
#### 19.3.3.2 Building a DragonFly Access Point \r
\r
##### 19.3.3.2.1 Requirements \r
\r
In order to set up a wireless access point with DragonFly, you need to have a compatible wireless card. Currently, only cards with the Prism chipset are supported. You will also need a wired network card that is supported by DragonFly (this should not be difficult to find, DragonFly supports a lot of different devices). For this guide, we will assume you want to [bridge(4)](http://leaf.dragonflybsd.org/cgi/web-man?command#bridge&section4) all traffic between the wireless device and the network attached to the wired network card.\r
\r
The hostap functionality that DragonFly uses to implement the access point works best with certain versions of firmware. Prism 2 cards should use firmware version 1.3.4 or newer. Prism 2.5 and Prism 3 cards should use firmware 1.4.9. Older versions of the firmware way or may not function correctly. At this time, the only way to update cards is with Windows® firmware update utilities available from your card's manufacturer.\r
\r
##### 19.3.3.2.2 Setting It Up \r
\r
First, make sure your system can see the wireless card:\r
\r
    \r
    # ifconfig -a\r
    wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500\r
            inet6 fe80::202:2dff:fe2d:c938%wi0 prefixlen 64 scopeid 0x7\r
            inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255\r
            ether 00:09:2d:2d:c9:50\r
            media: IEEE 802.11 Wireless Ethernet autoselect (DS/2Mbps)\r
            status: no carrier\r
            ssid ""\r
            stationname "DragonFly Wireless node"\r
            channel 10 authmode OPEN powersavemode OFF powersavesleep 100\r
            wepmode OFF weptxkey 1\r
\r
\r
Do not worry about the details now, just make sure it shows you something to indicate you have a wireless card installed. If you have trouble seeing the wireless interface, and you are using a PC Card, you may want to check out [pccardc(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#pccardc&section8) and [pccardd(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=pccardd&section=8) manual pages for more information.\r
\r
Next, you will need to load a module in order to get the bridging part of DragonFly ready for the access point. To load the [bridge(4)](http://leaf.dragonflybsd.org/cgi/web-man?command#bridge&section4) module, simply run the following command:\r
\r
    \r
    # kldload bridge\r
\r
\r
It should not have produced any errors when loading the module. If it did, you may need to compile the [bridge(4)](http://leaf.dragonflybsd.org/cgi/web-man?command#bridge&section4) code into your kernel. The [network-bridging.html Bridging] section of this handbook should be able to help you accomplish that task.\r
\r
Now that you have the bridging stuff done, we need to tell the DragonFly kernel which interfaces to bridge together. We do that by using [sysctl(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#sysctl&section8):\r
\r
    \r
    # sysctl net.link.ether.bridge=1\r
    # sysctl net.link.ether.bridge_cfg="wi0,xl0"\r
    # sysctl net.inet.ip.forwarding=1\r
\r
\r
Now it is time for the wireless card setup. The following command will set the card into an access point:\r
\r
    \r
    # ifconfig wi0 ssid `***my_net***` channel 11 media DS/11Mbps mediaopt hostap up stationname "`***DragonFly AP***`"\r
    \r
\r
\r
The [ifconfig(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#ifconfig&section8) line brings the `wi0` interface up, sets its SSID to `***my_net***`, and sets the station name to `***DragonFly AP***`. The `media DS/11Mbps` sets the card into 11Mbps mode and is needed for any `mediaopt` to take effect. The `mediaopt hostap` option places the interface into access point mode. The `channel 11` option sets the 802.11b channel to use. The [wicontrol(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=wicontrol&section=8) manual page has valid channel options for your regulatory domain.\r
\r
Now you should have a complete functioning access point up and running. You are encouraged to read [wicontrol(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#wicontrol&section8), [ifconfig(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ifconfig&section=8), and [wi(4)](http://leaf.dragonflybsd.org/cgi/web-man?command=wi&section=4) for further information.\r
\r
It is also suggested that you read the section on encryption that follows.\r
\r
##### 19.3.3.2.3 Status Information \r
\r
Once the access point is configured and operational, operators will want to see the clients that are associated with the access point. At any time, the operator may type:\r
\r
    \r
    # wicontrol -l\r
    1 station:\r
    00:09:b7:7b:9d:16  asid#04c0, flags3<ASSOC,AUTH>, caps=1<ESS>, rates=f<1M,2M,5.5M,11M>, sig=38/15\r
\r
\r
This shows that there is one station associated, along with its parameters. The signal indicated should be used as a relative indication of strength only. Its translation to dBm or other units varies between different firmware revisions.\r
\r
#### 19.3.3.3 Clients \r
\r
A wireless client is a system that accesses an access point or another client directly.\r
\r
Typically, wireless clients only have one network device, the wireless networking card.\r
\r
There are a few different ways to configure a wireless client. These are based on the different wireless modes, generally BSS (infrastructure mode, which requires an access point), and IBSS (ad-hoc, or peer-to-peer mode). In our example, we will use the most popular of the two, BSS mode, to talk to an access point.\r
\r
##### 19.3.3.3.1 Requirements \r
\r
There is only one real requirement for setting up DragonFly as a wireless client. You will need a wireless card that is supported by DragonFly.\r
\r
##### 19.3.3.3.2 Setting Up a Wireless DragonFly Client \r
\r
You will need to know a few things about the wireless network you are joining before you start. In this example, we are joining a network that has a name of `***my_net***`, and encryption turned off.\r
\r
 **Note:** In this example, we are not using encryption, which is a dangerous situation. In the next section, you will learn how to turn on encryption, why it is important to do so, and why some encryption technologies still do not completely protect you.\r
\r
Make sure your card is recognized by DragonFly:\r
\r
    \r
    # ifconfig -a\r
    wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500\r
            inet6 fe80::202:2dff:fe2d:c938%wi0 prefixlen 64 scopeid 0x7\r
            inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255\r
            ether 00:09:2d:2d:c9:50\r
            media: IEEE 802.11 Wireless Ethernet autoselect (DS/2Mbps)\r
            status: no carrier\r
            ssid ""\r
            stationname "DragonFly Wireless node"\r
            channel 10 authmode OPEN powersavemode OFF powersavesleep 100\r
            wepmode OFF weptxkey 1\r
\r
\r
Now, we can set the card to the correct settings for our network:\r
\r
    \r
    # ifconfig wi0 inet `***192.168.0.20***` netmask `***255.255.255.0***` ssid `***my_net***`\r
\r
\r
Replace `192.168.0.20` and `255.255.255.0` with a valid IP address and netmask on your wired network. Remember, our access point is bridging the data between the wireless network, and the wired network, so it will appear to the other devices on your network that you are on the wired network just as they are.\r
\r
Once you have done that, you should be able to ping hosts on the wired network just as if you were connected using a standard wired connection.\r
\r
If you are experiencing problems with your wireless connection, check to make sure that your are associated (connected) to the access point:\r
\r
    \r
    # ifconfig wi0\r
\r
\r
should return some information, and you should see:\r
\r
    \r
    status: associated\r
\r
\r
If it does not show `associated`, then you may be out of range of the access point, have encryption on, or possibly have a configuration problem.\r
\r
#### 19.3.3.4 Encryption \r
\r
Encryption on a wireless network is important because you no longer have the ability to keep the network contained in a well protected area. Your wireless data will be broadcast across your entire neighborhood, so anyone who cares to read it can. This is where encryption comes in. By encrypting the data that is sent over the airwaves, you make it much more difficult for any interested party to grab your data right out of the air.\r
\r
The two most common ways to encrypt the data between your client and the access point are WEP, and [ipsec(4)](http://leaf.dragonflybsd.org/cgi/web-man?command#ipsec&section4).\r
\r
##### 19.3.3.4.1 WEP \r
\r
WEP is an abbreviation for Wired Equivalency Protocol. WEP is an attempt to make wireless networks as safe and secure as a wired network. Unfortunately, it has been cracked, and is fairly trivial to break. This also means it is not something to rely on when it comes to encrypting sensitive data.\r
\r
It is better than nothing, so use the following to turn on WEP on your new DragonFly access point:\r
\r
    \r
    # ifconfig wi0 inet up ssid `***my_net***` wepmode on wepkey `***0x1234567890***` media DS/11Mbps mediaopt hostap\r
\r
\r
And you can turn on WEP on a client with this command:\r
\r
    \r
    # ifconfig wi0 inet `***192.168.0.20***` netmask `***255.255.255.0***` ssid `***my_net***` wepmode on wepkey `***0x1234567890***`\r
\r
\r
Note that you should replace the `***0x1234567890***` with a more unique key.\r
\r
##### 19.3.3.4.2 IPsec \r
\r
[ipsec(4)](http://leaf.dragonflybsd.org/cgi/web-man?command#ipsec&section4) is a much more robust and powerful tool for encrypting data across a network. This is definitely the preferred way to encrypt data over a wireless network. You can read more about [ipsec(4)](http://leaf.dragonflybsd.org/cgi/web-man?command=ipsec&section=4) security and how to implement it in the [ipsec.html IPsec] section of this handbook.\r
\r
#### 19.3.3.5 Tools \r
\r
There are a small number of tools available for use in debugging and setting up your wireless network, and here we will attempt to describe some of them and what they do.\r
\r
##### 19.3.3.5.1 The `wicontrol`, `ancontrol` and `raycontrol` Utilities \r
\r
These are the tools you can use to control how your wireless card behaves on the wireless network. In the examples above, we have chosen to use [wicontrol(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#wicontrol&section8), since our wireless card is a `wi0` interface. If you had a Cisco wireless device, it would come up as `an0`, and therefore you would use [ancontrol(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ancontrol&section=8).\r
\r
##### 19.3.3.5.2 The `ifconfig` Command \r
\r
The [ifconfig(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#ifconfig&section8) command can be used to do many of the same options as [wicontrol(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=wicontrol&section=8), however it does lack a few options. Check [ifconfig(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=ifconfig&section=8) for command line parameters and options.\r
\r
#### 19.3.3.6 Supported Cards \r
\r
##### 19.3.3.6.1 Access Points \r
\r
The only cards that are currently supported for BSS (as an access point) mode are devices based on the Prism 2, 2.5, or 3 chipsets. For a complete list, look at [wi(4)](http://leaf.dragonflybsd.org/cgi/web-man?command#wi&section4).\r
\r
##### 19.3.3.6.2 Clients \r
\r
Almost all 802.11b wireless cards are currently supported under DragonFly. Most cards based on Prism, Spectrum24, Hermes, Aironet, and Raylink will work as a wireless network card in IBSS (ad-hoc, peer-to-peer, and BSS) mode.\r
\r
\r
\r
CategoryHandbook\r
CategoryHandbook-advancednetworking\r