
31.3. Wireless Networking: 31.3.4.1. Freebsd Clients

The document discusses configuring wireless networking on FreeBSD, including scanning for available networks, selecting an access point, authenticating with the access point, and obtaining an IP address via DHCP. It provides examples of using ifconfig commands to perform these tasks and recommends using WPA encryption for security.

Uploaded by

Ismael Bar

31.3. Wireless Networking about:reader?url=https://www.freebsd.org/doc/h...

freebsd.org

31.3. Wireless Networking


Loader, Marc Fonvieille and Murray Stokely.

31.3.4.1. FreeBSD Clients

31.3.4.1.1. How to Find Access Points

To scan for available networks, use ifconfig(8). This request may take a few moments to complete as it requires the system to switch to each available wireless frequency and probe for available access points. Only the superuser can initiate a scan:

# ifconfig wlan0 create wlandev ath0
# ifconfig wlan0 up scan
SSID/MESH ID    BSSID              CHAN RATE   S:N     INT CAPS
dlinkap         00:13:46:49:41:76   11   54M -90:96   100 EPS  WPA WME
freebsdap       00:11:95:c3:0d:ac    1   54M -83:96   100 EPS  WPA

Note:

1 of 24 4/17/20, 3:38 PM

The interface must be up before it can scan. Subsequent scan requests do not require the interface to be marked as up again.

The output of a scan request lists each BSS/IBSS network found. Besides listing the name of the network, the SSID, the output also shows the BSSID, which is the MAC address of the access point. The CAPS field identifies the type of each network and the capabilities of the stations operating there:

Table 31.2. Station Capability Codes

Capability Code   Meaning

E                 Extended Service Set (ESS). Indicates that the station is part of an infrastructure network rather than an IBSS/ad-hoc network.
I                 IBSS/ad-hoc network. Indicates that the station is part of an ad-hoc network rather than an ESS network.
P                 Privacy. Encryption is required for all data frames exchanged within the BSS using cryptographic means such as WEP, TKIP or AES-CCMP.
S                 Short Preamble. Indicates that the network is using short preambles, defined in 802.11b High Rate/DSSS PHY, and utilizes a 56 bit sync field rather than the 128 bit field used in long preamble mode.
s                 Short slot time. Indicates that the 802.11g network is using a short slot time because there are no legacy (802.11b) stations present.

One can also display the current list of known networks with:

# ifconfig wlan0 list scan

This information may be updated automatically by the adapter or manually with a scan request. Old data is automatically removed from the cache, so over time this list may shrink unless more scans are done.
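
Added example (not part of the handbook text): a Python parser for the scan listing above that decodes the CAPS letters from Table 31.2 and sorts each network into open, WEP or WPA. The rows for dlinkap and freebsdap reuse the page's scan output; guestnet and old cam are constructed, and treating "privacy bit set but no WPA/RSN tag" as WEP is an inference made by this example.

```python
import re

# Station capability codes from Table 31.2.
CAPS = {
    "E": "ESS (infrastructure)",
    "I": "IBSS (ad-hoc)",
    "P": "privacy (encryption required)",
    "S": "short preamble",
    "s": "short slot time",
}

# Constructed sample in the layout of `ifconfig wlan0 list scan`.
# dlinkap and freebsdap come from the page; the last two rows are made up.
SAMPLE_SCAN = """\
SSID/MESH ID    BSSID              CHAN RATE   S:N     INT CAPS
dlinkap         00:13:46:49:41:76   11   54M -90:96   100 EPS  WPA WME
freebsdap       00:11:95:c3:0d:ac    1   54M -83:96   100 EPS  WPA
guestnet        02:00:00:00:00:01    6   54M -70:96   100 ES
old cam         02:00:00:00:00:02    3   11M -60:96   100 EP
"""

# Rows are anchored on the BSSID so that SSIDs containing spaces still parse.
ROW = re.compile(
    r"^(?P<ssid>.*?)\s+(?P<bssid>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"(?P<chan>\d+)\s+(?P<rate>\S+)\s+(?P<sn>-?\d+:-?\d+)\s+"
    r"(?P<intval>\d+)\s+(?P<caps>[A-Za-z]+)(?P<tags>(?:\s+\S+)*)\s*$",
    re.IGNORECASE,
)


def protection(caps, tags):
    """Classify a network from its CAPS letters and trailing tags."""
    if "P" not in caps:
        return "open"      # no privacy bit: frames are not encrypted
    if {"WPA", "RSN"} & set(tags):
        return "wpa"
    return "wep"           # privacy bit without WPA/RSN (inference)


def parse_scan(text):
    """Return one dict per network row; header and blank lines are skipped."""
    networks = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m is None:
            continue
        networks.append({
            "ssid": m["ssid"].strip(),
            "bssid": m["bssid"].lower(),
            "channel": int(m["chan"]),
            "caps": [CAPS.get(c, "unknown " + c) for c in m["caps"]],
            "protection": protection(m["caps"], m["tags"].split()),
        })
    return networks


def weak_networks(text):
    """(ssid, protection) for every network that is not WPA-protected."""
    return [(n["ssid"], n["protection"])
            for n in parse_scan(text) if n["protection"] != "wpa"]


if __name__ == "__main__":
    for net in parse_scan(SAMPLE_SCAN):
        print(net["ssid"], net["bssid"], net["protection"], net["caps"])
```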

31.3.4.1.2. Basic Settings

This section provides a simple example of how to make the wireless network adapter work in FreeBSD without encryption. Once familiar with these concepts, it is strongly recommended to use WPA to set up the wireless network.

There are three basic steps to configure a wireless network: select an access point, authenticate the station, and configure an IP address. The following sections discuss each step.

31.3.4.1.2.1. Selecting an Access Point


Most of the time, it is sufficient to let the system choose an access point using the builtin heuristics. This is the default behavior when an interface is marked as up or it is listed in /etc/rc.conf:

wlans_ath0="wlan0"
ifconfig_wlan0="DHCP"

If there are multiple access points, a specific one can be selected by its SSID:

wlans_ath0="wlan0"
ifconfig_wlan0="ssid your_ssid_here DHCP"

In an environment where there are multiple access points with the same SSID, which is often done to simplify roaming, it may be necessary to associate to one specific device. In this case, the BSSID of the access point can be specified, with or without the SSID:

wlans_ath0="wlan0"
ifconfig_wlan0="ssid your_ssid_here bssid xx:xx:xx:xx:xx:xx DHCP"

There are other ways to constrain the choice of an access point, such as limiting the set of frequencies the system will scan on. This may be useful for a multi-band wireless card as scanning all the possible channels can be time-consuming. To limit operation to a specific band, use the mode parameter:

wlans_ath0="wlan0"
ifconfig_wlan0="mode 11g ssid your_ssid_here DHCP"

This example will force the card to operate in 802.11g, which is defined only for 2.4GHz frequencies so any 5GHz channels will not be considered. This can also be achieved with the channel parameter, which locks operation to one specific frequency, and the chanlist parameter, to specify a list of channels for scanning. More information about these parameters can be found in ifconfig(8).

31.3.4.1.2.2. Authentication

Once an access point is selected, the station needs to authenticate before it can pass data. Authentication can happen in several ways. The most common scheme, open authentication, allows any station to join the network and communicate. This is the authentication to use for test purposes the first time a wireless network is set up. Other schemes require cryptographic handshakes to be completed before data traffic can flow, either using pre-shared keys or secrets, or more complex schemes that involve backend services such as RADIUS. Open authentication is the default setting. The next most common setup is WPA-PSK, also known as WPA Personal, which is described in Section 31.3.4.1.3.1, “WPA-PSK”.

Note:

If using an Apple® AirPort® Extreme base station for an access point, shared-key authentication together with a WEP key needs to be configured. This can be configured in /etc/rc.conf or by using wpa_supplicant(8). For a single AirPort® base station, access can be configured with:

wlans_ath0="wlan0"
ifconfig_wlan0="authmode shared wepmode on weptxkey 1 wepkey 01234567 DHCP"

In general, shared key authentication should be avoided because it uses the WEP key material in a highly-constrained manner, making it even easier to crack the key. If WEP must be used for compatibility with legacy devices, it is better to use WEP with open authentication. More information regarding WEP can be found in Section 31.3.4.1.4, “WEP”.

31.3.4.1.2.3. Getting an IP Address with DHCP

Once an access point is selected and the authentication parameters are set, an IP address must be obtained in order to communicate. Most of the time, the IP address is obtained via DHCP. To achieve that, edit /etc/rc.conf and add DHCP to the configuration for the device:

wlans_ath0="wlan0"
ifconfig_wlan0="DHCP"

The wireless interface is now ready to bring up:

# service netif start


Once the interface is running, use ifconfig(8) to see the status of the interface ath0:

# ifconfig wlan0
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:95:d5:43:62
        inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
        media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
        status: associated
        ssid dlinkap channel 11 (2462 Mhz 11g) bssid 00:13:46:49:41:76
        country US ecm authmode OPEN privacy OFF txpower 21.5 bmiss 7
        scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7
        roam:rate 5 protmode CTS wme burst

The status: associated line means that it is connected to the wireless network. The bssid 00:13:46:49:41:76 is the MAC address of the access point and authmode OPEN indicates that the communication is not encrypted.

31.3.4.1.2.4. Static IP Address


If an IP address cannot be obtained from a DHCP server, set a fixed IP address. Replace the DHCP keyword shown above with the address information. Be sure to retain any other parameters for selecting the access point:

wlans_ath0="wlan0"
ifconfig_wlan0="inet 192.168.1.100 netmask 255.255.255.0 ssid your_ssid_here"

31.3.4.1.3. WPA

Wi-Fi Protected Access (WPA) is a security protocol used together with 802.11 networks to address the lack of proper authentication and the weakness of WEP. WPA leverages the 802.1X authentication protocol and uses one of several ciphers instead of WEP for data integrity. The only cipher required by WPA is the Temporary Key Integrity Protocol (TKIP). TKIP is a cipher that extends the basic RC4 cipher used by WEP by adding integrity checking, tamper detection, and measures for responding to detected intrusions. TKIP is designed to work on legacy hardware with only software modification. It represents a compromise that improves security but is still not entirely immune to attack. WPA also specifies the AES-CCMP cipher as an alternative to TKIP, and that is preferred when possible. For this specification, the term WPA2 or RSN is commonly used.

WPA defines authentication and encryption protocols. Authentication is most commonly done using one of two techniques: by 802.1X and a backend authentication service such as RADIUS, or by a minimal handshake between the station and the access point using a pre-shared secret. The former is commonly termed WPA Enterprise and the latter is known as WPA Personal. Since most people will not set up a RADIUS backend server for their wireless network, WPA-PSK is by far the most commonly encountered configuration for WPA.

The control of the wireless connection and the key negotiation or authentication with a server is done using wpa_supplicant(8). This program requires a configuration file, /etc/wpa_supplicant.conf, to run. More information regarding this file can be found in wpa_supplicant.conf(5).

31.3.4.1.3.1. WPA-PSK

WPA-PSK, also known as WPA Personal, is based on a pre-shared key (PSK) which is generated from a given password and used as the master key in the wireless network. This means every wireless user will share the same key. WPA-PSK is intended for small networks where the use of an authentication server is not possible or desired.

Warning:

Always use strong passwords that are sufficiently long and made from a rich alphabet so that they will not be easily guessed or attacked.

The first step is the configuration of /etc/wpa_supplicant.conf with the SSID and the pre-shared key of the network:

network={
ssid="freebsdap"
psk="freebsdmall"
}

Then, in /etc/rc.conf, indicate that the wireless device configuration will be done with WPA and the IP address will be obtained with DHCP:

wlans_ath0="wlan0"
ifconfig_wlan0="WPA DHCP"

Then, bring up the interface:

# service netif start
Starting wpa_supplicant.
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 5
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 6
DHCPOFFER from 192.168.0.1
DHCPREQUEST on wlan0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.1
bound to 192.168.0.254 -- renewal in 300 seconds.
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:95:d5:43:62
        inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
        media: IEEE 802.11 Wireless Ethernet OFDM/36Mbps mode 11g
        status: associated
        ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
        country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
        AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
        bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
        wme burst roaming MANUAL

Or, try to configure the interface manually using the information in /etc/wpa_supplicant.conf:

# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
Trying to associate with 00:11:95:c3:0d:ac (SSID='freebsdap' freq=2412 MHz)
Associated with 00:11:95:c3:0d:ac
WPA: Key negotiation completed with 00:11:95:c3:0d:ac [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:11:95:c3:0d:ac completed (auth) [id=0 id_str=]

The next operation is to launch dhclient(8) to get the IP address from the DHCP server:

# dhclient wlan0
DHCPREQUEST on wlan0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.1
bound to 192.168.0.254 -- renewal in 300 seconds.
# ifconfig wlan0
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:95:d5:43:62
        inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
        media: IEEE 802.11 Wireless Ethernet OFDM/36Mbps mode 11g
        status: associated
        ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
        country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
        AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
        bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
        wme burst roaming MANUAL


Note:

If /etc/rc.conf has an ifconfig_wlan0="DHCP" entry, dhclient(8) will be launched automatically after wpa_supplicant(8) associates with the access point.

If DHCP is not possible or desired, set a static IP address after wpa_supplicant(8) has authenticated the station:

# ifconfig wlan0 inet 192.168.0.100 netmask 255.255.255.0
# ifconfig wlan0
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:95:d5:43:62
        inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
        media: IEEE 802.11 Wireless Ethernet OFDM/36Mbps mode 11g
        status: associated
        ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
        country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
        AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
        bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
        wme burst roaming MANUAL

When DHCP is not used, the default gateway and the nameserver also have to be manually set:

# route add default your_default_router
# echo "nameserver your_DNS_server" >> /etc/resolv.conf

31.3.4.1.3.2. WPA with EAP-TLS

The second way to use WPA is with an 802.1X backend authentication server. In this case, WPA is called WPA Enterprise to differentiate it from the less secure WPA Personal. Authentication in WPA Enterprise is based on the Extensible Authentication Protocol (EAP).

EAP does not come with an encryption method. Instead, EAP is embedded inside an encrypted tunnel. There are many EAP authentication methods, but EAP-TLS, EAP-TTLS, and EAP-PEAP are the most common.

EAP with Transport Layer Security (EAP-TLS) is a well-supported wireless authentication protocol since it was the first EAP method to be certified by the Wi-Fi Alliance. EAP-TLS requires three certificates to run: the certificate of the Certificate Authority (CA) installed on all machines, the server certificate for the authentication server, and one client certificate for each wireless client. In this EAP method, both the authentication server and wireless client authenticate each other by presenting their respective certificates, and then verify that these certificates were signed by the organization's CA.

As previously, the configuration is done via /etc/wpa_supplicant.conf:

network={
ssid="freebsdap"
proto=RSN
key_mgmt=WPA-EAP
eap=TLS
identity="loader"
ca_cert="/etc/certs/cacert.pem"
client_cert="/etc/certs/clientcert.pem"
private_key="/etc/certs/clientkey.pem"
private_key_passwd="freebsdmallclient"
}

The ssid field indicates the network name (SSID).

For proto, this example uses the RSN IEEE® 802.11i protocol, also known as WPA2.

The key_mgmt line refers to the key management protocol to use. In this example, it is WPA using EAP authentication.

The eap field indicates the EAP method for the connection.

The identity field contains the identity string for EAP.


Then, add the following lines to /etc/rc.conf:

wlans_ath0="wlan0"
ifconfig_wlan0="WPA DHCP"

The next step is to bring up the interface:

# service netif start
Starting wpa_supplicant.
DHCPREQUEST on wlan0 to 255.255.255.255 port 67 interval 7
DHCPREQUEST on wlan0 to 255.255.255.255 port 67 interval 15
DHCPACK from 192.168.0.20
bound to 192.168.0.254 -- renewal in 300 seconds.
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:95:d5:43:62
        inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
        media: IEEE 802.11 Wireless Ethernet DS/11Mbps mode 11g
        status: associated
        ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
        country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
        AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
        bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
        wme burst roaming MANUAL

It is also possible to bring up the interface manually using wpa_supplicant(8) and ifconfig(8).

31.3.4.1.3.3. WPA with EAP-TTLS

With EAP-TLS, both the authentication server and the client need a certificate. With EAP-TTLS, a client certificate is optional. This method is similar to a web server which creates a secure SSL tunnel even if visitors do not have client-side certificates. EAP-TTLS uses an encrypted TLS tunnel for safe transport of the authentication data.

The required configuration can be added to /etc/wpa_supplicant.conf:

network={
ssid="freebsdap"
proto=RSN
key_mgmt=WPA-EAP
eap=TTLS
identity="test"
password="test"
ca_cert="/etc/certs/cacert.pem"
phase2="auth=MD5"
}

The eap field specifies the EAP method for the connection.

The identity field contains the identity string for EAP authentication inside the encrypted TLS tunnel.

The password field contains the passphrase for the EAP authentication.

The ca_cert field indicates the pathname of the CA certificate file. This file is needed to verify the server certificate.

The phase2 field specifies the authentication method used in the encrypted TLS tunnel. In this example, EAP with MD5-Challenge is used. The “inner authentication” phase is often called “phase2”.

Next, add the following lines to /etc/rc.conf:

wlans_ath0="wlan0"
ifconfig_wlan0="WPA DHCP"

The next step is to bring up the interface:

# service netif start
Starting wpa_supplicant.
DHCPREQUEST on wlan0 to 255.255.255.255 port 67 interval 7
DHCPREQUEST on wlan0 to 255.255.255.255 port 67 interval 15
DHCPREQUEST on wlan0 to 255.255.255.255 port 67 interval 21
DHCPACK from 192.168.0.20
bound to 192.168.0.254 -- renewal in 300 seconds.
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:95:d5:43:62
        inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
        media: IEEE 802.11 Wireless Ethernet DS/11Mbps mode 11g
        status: associated
        ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
        country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
        AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
        bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
        wme burst roaming MANUAL

31.3.4.1.3.4. WPA with EAP-PEAP


Note:

PEAPv0/EAP-MSCHAPv2 is the most common PEAP method. In this chapter, the term PEAP is used to refer to that method.

Protected EAP (PEAP) is designed as an alternative to EAP-TTLS and is the most used EAP standard after EAP-TLS. In a network with mixed operating systems, PEAP should be the most supported standard after EAP-TLS.

PEAP is similar to EAP-TTLS as it uses a server-side certificate to authenticate clients by creating an encrypted TLS tunnel between the client and the authentication server, which protects the ensuing exchange of authentication information. PEAP authentication differs from EAP-TTLS as it broadcasts the username in the clear and only the password is sent in the encrypted TLS tunnel. EAP-TTLS will use the TLS tunnel for both the username and password.

Add the following lines to /etc/wpa_supplicant.conf to configure the EAP-PEAP related settings:

network={
ssid="freebsdap"
proto=RSN
key_mgmt=WPA-EAP
eap=PEAP
identity="test"
password="test"
ca_cert="/etc/certs/cacert.pem"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
}

The eap field specifies the EAP method for the connection.

The identity field contains the identity string for EAP authentication inside the encrypted TLS tunnel.

The password field contains the passphrase for the EAP authentication.

The ca_cert field indicates the pathname of the CA certificate file. This file is needed to verify the server certificate.

The phase1 field contains the parameters for the first phase of authentication, the TLS tunnel. According to the authentication server used, specify a specific label for authentication. Most of the time, the label will be “client EAP encryption” which is set by using peaplabel=0. More information can be found in wpa_supplicant.conf(5).

The phase2 field specifies the authentication protocol used in the encrypted TLS tunnel. In the case of PEAP, it is auth=MSCHAPV2.

Add the following to /etc/rc.conf:

wlans_ath0="wlan0"
ifconfig_wlan0="WPA DHCP"

Then, bring up the interface:

# service netif start
Starting wpa_supplicant.
DHCPREQUEST on wlan0 to 255.255.255.255 port 67 interval 7
DHCPREQUEST on wlan0 to 255.255.255.255 port 67 interval 15
DHCPREQUEST on wlan0 to 255.255.255.255 port 67 interval 21
DHCPACK from 192.168.0.20
bound to 192.168.0.254 -- renewal in 300 seconds.
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:95:d5:43:62
        inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
        media: IEEE 802.11 Wireless Ethernet DS/11Mbps mode 11g
        status: associated
        ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
        country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
        AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
        bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
        wme burst roaming MANUAL

31.3.4.1.4. WEP

Wired Equivalent Privacy (WEP) is part of the original 802.11 standard. There is no authentication mechanism, only a weak form of access control which is easily cracked.

WEP can be set up using ifconfig(8):

# ifconfig wlan0 create wlandev ath0
# ifconfig wlan0 inet 192.168.1.100 netmask 255.255.255.0 \
    ssid my_net wepmode on weptxkey 3 wepkey 3:0x3456789012

The weptxkey specifies which WEP key will be used in the transmission. This example uses the third key. This must match the setting on the access point. When unsure which key is used by the access point, try 1 (the first key) for this value.

The wepkey selects one of the WEP keys. It should be in the format index:key. Key 1 is used by default; the index only needs to be set when using a key other than the first key.

Note:

Replace the 0x3456789012 with the key configured for use on the access point.

Refer to ifconfig(8) for further information.


The wpa_supplicant(8) facility can be used to configure a wireless interface with WEP. The example above can be set up by adding the following lines to /etc/wpa_supplicant.conf:

network={
ssid="my_net"
key_mgmt=NONE
wep_key3=3456789012
wep_tx_keyidx=3
}

Then:

# wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
Trying to associate with 00:13:46:49:41:76 (SSID='dlinkap' freq=2437 MHz)
Associated with 00:13:46:49:41:76
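
Added example (not part of the handbook or of wpa_supplicant): a small Python audit of /etc/wpa_supplicant.conf that applies the points made in the WPA and WEP sections above, flagging WEP or unencrypted blocks, EAP blocks without ca_cert, PEAP's clear-text username, plaintext passphrases, and a file mode that lets other users read the secrets. SAMPLE_CONF is constructed from the page's blocks; the SSIDs corp-peap and corp-ttls and the function names are hypothetical.

```python
# Constructed sample: the page's PSK, PEAP and WEP blocks plus a TTLS block
# with ca_cert deliberately left out so that the check fires.
SAMPLE_CONF = """
network={
  ssid="freebsdap"
  psk="freebsdmall"
}
network={
  ssid="corp-peap"
  key_mgmt=WPA-EAP
  eap=PEAP
  identity="test"
  password="test"
  ca_cert="/etc/certs/cacert.pem"
  phase2="auth=MSCHAPV2"
}
network={
  ssid="corp-ttls"
  key_mgmt=WPA-EAP
  eap=TTLS
  identity="test"
  password="test"
  phase2="auth=MD5"
}
network={
  ssid="my_net"
  key_mgmt=NONE
  wep_key3=3456789012
  wep_tx_keyidx=3
}
"""

SECRET_FIELDS = ("psk", "password", "private_key_passwd",
                 "wep_key0", "wep_key1", "wep_key2", "wep_key3")


def parse_networks(conf_text):
    """Return one {field: value} dict per network={ ... } block."""
    networks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            field, value = line.split("=", 1)   # values may contain "="
            current[field.strip()] = value.strip()
    return networks


def audit(conf_text, file_mode=None):
    """Return (ssid, finding) pairs; file_mode is os.stat(path).st_mode."""
    findings = []
    for net in parse_networks(conf_text):
        ssid = net.get("ssid", "?").strip('"')
        mgmt = net.get("key_mgmt", "").split()
        uses_eap = "WPA-EAP" in mgmt or "eap" in net
        has_wep_key = any(f.startswith("wep_key") for f in net)
        if "NONE" in mgmt:
            findings.append((ssid, "WEP" if has_wep_key else "no encryption"))
        if uses_eap and "ca_cert" not in net:
            findings.append((ssid, "no ca_cert: server certificate is not verified"))
        if uses_eap and "PEAP" in net.get("eap", "").split():
            findings.append((ssid, "PEAP: username is sent in the clear"))
        if net.get("psk", "").startswith('"'):
            findings.append((ssid, "passphrase stored in plaintext"))
        secrets = [f for f in SECRET_FIELDS if f in net]
        if secrets and file_mode is not None and file_mode & 0o077:
            findings.append((ssid, "secrets readable by group/other"))
    return findings


if __name__ == "__main__":
    for ssid, finding in audit(SAMPLE_CONF, file_mode=0o100644):
        print("%-10s %s" % (ssid, finding))
```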
