Source string Read only

(itstool) path: sect5/para
91/910
Context English State
Then, bring up the interface:
<prompt>#</prompt> <userinput>service netif start</userinput>
Starting wpa_supplicant.
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 5
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 6
DHCPOFFER from 192.168.0.1
DHCPREQUEST on wlan0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.1
bound to 192.168.0.254 -- renewal in 300 seconds.
wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
ether 00:11:95:d5:43:62
inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
media: IEEE 802.11 Wireless Ethernet OFDM/36Mbps mode 11g
status: associated
ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
wme burst roaming MANUAL
Or, try to configure the interface manually using the information in <filename>/etc/wpa_supplicant.conf</filename>:
<prompt>#</prompt> <userinput>wpa_supplicant -i <replaceable>wlan0</replaceable> -c /etc/wpa_supplicant.conf</userinput>
Trying to associate with 00:11:95:c3:0d:ac (SSID='freebsdap' freq=2412 MHz)
Associated with 00:11:95:c3:0d:ac
WPA: Key negotiation completed with 00:11:95:c3:0d:ac [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:11:95:c3:0d:ac completed (auth) [id=0 id_str=]
The next operation is to launch <citerefentry><refentrytitle>dhclient</refentrytitle><manvolnum>8</manvolnum></citerefentry> to get the <acronym>IP</acronym> address from the <acronym>DHCP</acronym> server:
<prompt>#</prompt> <userinput>dhclient <replaceable>wlan0</replaceable></userinput>
DHCPREQUEST on wlan0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.1
bound to 192.168.0.254 -- renewal in 300 seconds.
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable></userinput>
wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
ether 00:11:95:d5:43:62
inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
media: IEEE 802.11 Wireless Ethernet OFDM/36Mbps mode 11g
status: associated
ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
wme burst roaming MANUAL
If <filename>/etc/rc.conf</filename> has an <literal>ifconfig_wlan0="DHCP"</literal> entry, <citerefentry><refentrytitle>dhclient</refentrytitle><manvolnum>8</manvolnum></citerefentry> will be launched automatically after <citerefentry><refentrytitle>wpa_supplicant</refentrytitle><manvolnum>8</manvolnum></citerefentry> associates with the access point.
If <acronym>DHCP</acronym> is not possible or desired, set a static <acronym>IP</acronym> address after <citerefentry><refentrytitle>wpa_supplicant</refentrytitle><manvolnum>8</manvolnum></citerefentry> has authenticated the station:
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> inet <replaceable>192.168.0.100</replaceable> netmask <replaceable>255.255.255.0</replaceable></userinput>
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable></userinput>
wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
ether 00:11:95:d5:43:62
inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
media: IEEE 802.11 Wireless Ethernet OFDM/36Mbps mode 11g
status: associated
ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
wme burst roaming MANUAL
When <acronym>DHCP</acronym> is not used, the default gateway and the nameserver also have to be manually set:
<prompt>#</prompt> <userinput>route add default <replaceable>your_default_router</replaceable></userinput>
<prompt>#</prompt> <userinput>echo "nameserver <replaceable>your_DNS_server</replaceable>" &gt;&gt; /etc/resolv.conf</userinput>
<acronym>WPA</acronym> with <acronym>EAP-TLS</acronym>
The second way to use <acronym>WPA</acronym> is with an 802.1X backend authentication server. In this case, <acronym>WPA</acronym> is called <acronym>WPA</acronym> Enterprise to differentiate it from the less secure <acronym>WPA</acronym> Personal. Authentication in <acronym>WPA</acronym> Enterprise is based on the Extensible Authentication Protocol (<acronym>EAP</acronym>).
<acronym>EAP</acronym> does not come with an encryption method. Instead, <acronym>EAP</acronym> is embedded inside an encrypted tunnel. There are many <acronym>EAP</acronym> authentication methods, but <acronym>EAP-TLS</acronym>, <acronym>EAP-TTLS</acronym>, and <acronym>EAP-PEAP</acronym> are the most common.
EAP with Transport Layer Security (<acronym>EAP-TLS</acronym>) is a well-supported wireless authentication protocol since it was the first <acronym>EAP</acronym> method to be certified by the <link xlink:href="http://www.wi-fi.org/">Wi-Fi Alliance</link>. <acronym>EAP-TLS</acronym> requires three certificates to run: the certificate of the Certificate Authority (<acronym>CA</acronym>) installed on all machines, the server certificate for the authentication server, and one client certificate for each wireless client. In this <acronym>EAP</acronym> method, both the authentication server and wireless client authenticate each other by presenting their respective certificates, and then verify that these certificates were signed by the organization's <acronym>CA</acronym>.
As previously, the configuration is done via <filename>/etc/wpa_supplicant.conf</filename>:
network={
ssid="freebsdap" <co xml:id="co-tls-ssid"/>
proto=RSN <co xml:id="co-tls-proto"/>
key_mgmt=WPA-EAP <co xml:id="co-tls-kmgmt"/>
eap=TLS <co xml:id="co-tls-eap"/>
identity="loader" <co xml:id="co-tls-id"/>
ca_cert="/etc/certs/cacert.pem" <co xml:id="co-tls-cacert"/>
client_cert="/etc/certs/clientcert.pem" <co xml:id="co-tls-clientcert"/>
private_key="/etc/certs/clientkey.pem" <co xml:id="co-tls-pkey"/>
private_key_passwd="freebsdmallclient" <co xml:id="co-tls-pwd"/>
}
This field indicates the network name (<acronym>SSID</acronym>).
This example uses the <acronym>RSN</acronym> <trademark class="registered">IEEE</trademark> 802.11i protocol, also known as <acronym>WPA2</acronym>.
The <literal>key_mgmt</literal> line refers to the key management protocol to use. In this example, it is <acronym>WPA</acronym> using <acronym>EAP</acronym> authentication.
This field indicates the <acronym>EAP</acronym> method for the connection.
The <literal>identity</literal> field contains the identity string for <acronym>EAP</acronym>.
The <literal>ca_cert</literal> field indicates the pathname of the <acronym>CA</acronym> certificate file. This file is needed to verify the server certificate.
The <literal>client_cert</literal> line gives the pathname to the client certificate file. This certificate is unique to each wireless client of the network.
The <literal>private_key</literal> field is the pathname to the client certificate private key file.
The <literal>private_key_passwd</literal> field contains the passphrase for the private key.
Then, add the following lines to <filename>/etc/rc.conf</filename>:
The next step is to bring up the interface:
<prompt>#</prompt> <userinput>service netif start</userinput>
Starting wpa_supplicant.
DHCPREQUEST on wlan0 to 255.255.255.255 port 67 interval 7
DHCPREQUEST on wlan0 to 255.255.255.255 port 67 interval 15
DHCPACK from 192.168.0.20
bound to 192.168.0.254 -- renewal in 300 seconds.
wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
ether 00:11:95:d5:43:62
inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
media: IEEE 802.11 Wireless Ethernet DS/11Mbps mode 11g
status: associated
ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
wme burst roaming MANUAL
It is also possible to bring up the interface manually using <citerefentry><refentrytitle>wpa_supplicant</refentrytitle><manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>ifconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
<acronym>WPA</acronym> with <acronym>EAP-TTLS</acronym>

Loading…

No matching activity found.

Browse all component changes

Glossary

English English
No related strings found in the glossary.

Source information

Source string comment
(itstool) path: sect5/para
Flags
read-only
Source string location
book.translate.xml:65426
String age
a year ago
Source string age
a year ago
Translation file
books/handbook.pot, string 10717