The translation is temporarily closed for contributions due to maintenance, please come back later.

Source string Read only

(itstool) path: sect4/para
Context English State
Once an access point is selected, the station needs to authenticate before it can pass data. Authentication can happen in several ways. The most common scheme, open authentication, allows any station to join the network and communicate. This is the authentication to use for test purposes the first time a wireless network is setup. Other schemes require cryptographic handshakes to be completed before data traffic can flow, either using pre-shared keys or secrets, or more complex schemes that involve backend services such as <acronym>RADIUS</acronym>. Open authentication is the default setting. The next most common setup is <acronym>WPA-PSK</acronym>, also known as <acronym>WPA</acronym> Personal, which is described in <xref linkend="network-wireless-wpa-wpa-psk"/>.
If using an <trademark class="registered">Apple</trademark> <trademark class="registered">AirPort</trademark> Extreme base station for an access point, shared-key authentication together with a <acronym>WEP</acronym> key needs to be configured. This can be configured in <filename>/etc/rc.conf</filename> or by using <citerefentry><refentrytitle>wpa_supplicant</refentrytitle><manvolnum>8</manvolnum></citerefentry>. For a single <trademark class="registered">AirPort</trademark> base station, access can be configured with:
wlans_ath0="wlan0"
ifconfig_wlan0="authmode shared wepmode on weptxkey <replaceable>1</replaceable> wepkey <replaceable>01234567</replaceable> DHCP"
In general, shared key authentication should be avoided because it uses the <acronym>WEP</acronym> key material in a highly-constrained manner, making it even easier to crack the key. If <acronym>WEP</acronym> must be used for compatibility with legacy devices, it is better to use <acronym>WEP</acronym> with <literal>open</literal> authentication. More information regarding <acronym>WEP</acronym> can be found in <xref linkend="network-wireless-wep"/>.
Getting an <acronym>IP</acronym> Address with <acronym>DHCP</acronym>
Once an access point is selected and the authentication parameters are set, an <acronym>IP</acronym> address must be obtained in order to communicate. Most of the time, the <acronym>IP</acronym> address is obtained via <acronym>DHCP</acronym>. To achieve that, edit <filename>/etc/rc.conf</filename> and add <literal>DHCP</literal> to the configuration for the device:
The wireless interface is now ready to bring up:
<prompt>#</prompt> <userinput>service netif start</userinput>
Once the interface is running, use <citerefentry><refentrytitle>ifconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry> to see the status of the interface <filename>ath0</filename>:
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable></userinput>
wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
ether 00:11:95:d5:43:62
inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
status: associated
ssid dlinkap channel 11 (2462 Mhz 11g) bssid 00:13:46:49:41:76
country US ecm authmode OPEN privacy OFF txpower 21.5 bmiss 7
scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7
roam:rate 5 protmode CTS wme burst
The <literal>status: associated</literal> line means that it is connected to the wireless network. The <literal>bssid 00:13:46:49:41:76</literal> is the <acronym>MAC</acronym> address of the access point and <literal>authmode OPEN</literal> indicates that the communication is not encrypted.
Static <acronym>IP</acronym> Address
If an <acronym>IP</acronym> address cannot be obtained from a <acronym>DHCP</acronym> server, set a fixed <acronym>IP</acronym> address. Replace the <literal>DHCP</literal> keyword shown above with the address information. Be sure to retain any other parameters for selecting the access point:
wlans_ath0="wlan0"
ifconfig_wlan0="inet <replaceable>192.168.1.100</replaceable> netmask <replaceable>255.255.255.0</replaceable> ssid <replaceable>your_ssid_here</replaceable>"
<acronym>WPA</acronym>
Wi-Fi Protected Access (<acronym>WPA</acronym>) is a security protocol used together with 802.11 networks to address the lack of proper authentication and the weakness of <acronym>WEP</acronym>. WPA leverages the 802.1X authentication protocol and uses one of several ciphers instead of <acronym>WEP</acronym> for data integrity. The only cipher required by <acronym>WPA</acronym> is the Temporary Key Integrity Protocol (<acronym>TKIP</acronym>). <acronym>TKIP</acronym> is a cipher that extends the basic RC4 cipher used by <acronym>WEP</acronym> by adding integrity checking, tamper detection, and measures for responding to detected intrusions. <acronym>TKIP</acronym> is designed to work on legacy hardware with only software modification. It represents a compromise that improves security but is still not entirely immune to attack. <acronym>WPA</acronym> also specifies the <acronym>AES-CCMP</acronym> cipher as an alternative to <acronym>TKIP</acronym>, and that is preferred when possible. For this specification, the term <acronym>WPA2</acronym> or <acronym>RSN</acronym> is commonly used.
<acronym>WPA</acronym> defines authentication and encryption protocols. Authentication is most commonly done using one of two techniques: by 802.1X and a backend authentication service such as <acronym>RADIUS</acronym>, or by a minimal handshake between the station and the access point using a pre-shared secret. The former is commonly termed <acronym>WPA</acronym> Enterprise and the latter is known as <acronym>WPA</acronym> Personal. Since most people will not set up a <acronym>RADIUS</acronym> backend server for their wireless network, <acronym>WPA-PSK</acronym> is by far the most commonly encountered configuration for <acronym>WPA</acronym>.
The control of the wireless connection and the key negotiation or authentication with a server is done using <citerefentry><refentrytitle>wpa_supplicant</refentrytitle><manvolnum>8</manvolnum></citerefentry>. This program requires a configuration file, <filename>/etc/wpa_supplicant.conf</filename>, to run. More information regarding this file can be found in <citerefentry><refentrytitle>wpa_supplicant.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
<acronym>WPA-PSK</acronym>
<acronym>WPA-PSK</acronym>, also known as <acronym>WPA</acronym> Personal, is based on a pre-shared key (<acronym>PSK</acronym>) which is generated from a given password and used as the master key in the wireless network. This means every wireless user will share the same key. <acronym>WPA-PSK</acronym> is intended for small networks where the use of an authentication server is not possible or desired.
Always use strong passwords that are sufficiently long and made from a rich alphabet so that they will not be easily guessed or attacked.
The first step is the configuration of <filename>/etc/wpa_supplicant.conf</filename> with the <acronym>SSID</acronym> and the pre-shared key of the network:
network={
ssid="freebsdap"
psk="freebsdmall"
}
Then, in <filename>/etc/rc.conf</filename>, indicate that the wireless device configuration will be done with <acronym>WPA</acronym> and the <acronym>IP</acronym> address will be obtained with <acronym>DHCP</acronym>:
wlans_ath0="wlan0"
ifconfig_wlan0="WPA DHCP"
Then, bring up the interface:
<prompt>#</prompt> <userinput>service netif start</userinput>
Starting wpa_supplicant.
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 5
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 6
DHCPOFFER from 192.168.0.1
DHCPREQUEST on wlan0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.1
bound to 192.168.0.254 -- renewal in 300 seconds.
wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
ether 00:11:95:d5:43:62
inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
media: IEEE 802.11 Wireless Ethernet OFDM/36Mbps mode 11g
status: associated
ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
wme burst roaming MANUAL
Or, try to configure the interface manually using the information in <filename>/etc/wpa_supplicant.conf</filename>:
<prompt>#</prompt> <userinput>wpa_supplicant -i <replaceable>wlan0</replaceable> -c /etc/wpa_supplicant.conf</userinput>
Trying to associate with 00:11:95:c3:0d:ac (SSID='freebsdap' freq=2412 MHz)
Associated with 00:11:95:c3:0d:ac
WPA: Key negotiation completed with 00:11:95:c3:0d:ac [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:11:95:c3:0d:ac completed (auth) [id=0 id_str=]
The next operation is to launch <citerefentry><refentrytitle>dhclient</refentrytitle><manvolnum>8</manvolnum></citerefentry> to get the <acronym>IP</acronym> address from the <acronym>DHCP</acronym> server:
<prompt>#</prompt> <userinput>dhclient <replaceable>wlan0</replaceable></userinput>
DHCPREQUEST on wlan0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.1
bound to 192.168.0.254 -- renewal in 300 seconds.
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable></userinput>
wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
ether 00:11:95:d5:43:62
inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
media: IEEE 802.11 Wireless Ethernet OFDM/36Mbps mode 11g
status: associated
ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
country US ecm authmode WPA2/802.11i privacy ON deftxkey UNDEF
AES-CCM 3:128-bit txpower 21.5 bmiss 7 scanvalid 450 bgscan
bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
wme burst roaming MANUAL

Loading…

No matching activity found.

Browse all component changes

Source information

Source string comment
(itstool) path: sect4/para
Flags
read-only
Source string location
book.translate.xml:65220
String age
a year ago
Source string age
a year ago
Translation file
books/handbook.pot, string 10692