Source string Read only

(itstool) path: sect3/para
241/2410
Context English State
Before configuring a FreeBSD machine as an <acronym>AP</acronym>, the kernel must be configured with the appropriate networking support for the wireless card as well as the security protocols being used. For more details, see <xref linkend="network-wireless-basic"/>.
The <acronym>NDIS</acronym> driver wrapper for <trademark class="registered">Windows</trademark> drivers does not currently support <acronym>AP</acronym> operation. Only native FreeBSD wireless drivers support <acronym>AP</acronym> mode.
Once wireless networking support is loaded, check if the wireless device supports the host-based access point mode, also known as hostap mode:
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> create wlandev <replaceable>ath0</replaceable></userinput>
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> list caps</userinput>
drivercaps=6f85edc1&lt;STA,FF,TURBOP,IBSS,HOSTAP,AHDEMO,TXPMGT,SHSLOT,SHPREAMBLE,MONITOR,MBSS,WPA1,WPA2,BURST,WME,WDS,BGSCAN,TXFRAG&gt;
cryptocaps=1f&lt;WEP,TKIP,AES,AES_CCM,TKIPMIC&gt;
This output displays the card's capabilities. The <literal>HOSTAP</literal> word confirms that this wireless card can act as an <acronym>AP</acronym>. Various supported ciphers are also listed: <acronym>WEP</acronym>, <acronym>TKIP</acronym>, and <acronym>AES</acronym>. This information indicates which security protocols can be used on the <acronym>AP</acronym>.
The wireless device can only be put into hostap mode during the creation of the network pseudo-device, so a previously created device must be destroyed first:
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> destroy</userinput>
then regenerated with the correct option before setting the other parameters:
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> create wlandev <replaceable>ath0</replaceable> wlanmode hostap</userinput>
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable> ssid <replaceable>freebsdap</replaceable> mode 11g channel 1</userinput>
Use <citerefentry><refentrytitle>ifconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry> again to see the status of the <filename>wlan0</filename> interface:
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable></userinput>
wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
ether 00:11:95:c3:0d:ac
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g &lt;hostap&gt;
status: running
ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
country US ecm authmode OPEN privacy OFF txpower 21.5 scanvalid 60
protmode CTS wme burst dtimperiod 1 -dfs
The <literal>hostap</literal> parameter indicates the interface is running in the host-based access point mode.
The interface configuration can be done automatically at boot time by adding the following lines to <filename>/etc/rc.conf</filename>:
wlans_ath0="wlan0"
create_args_wlan0="wlanmode hostap"
ifconfig_wlan0="inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable> ssid <replaceable>freebsdap</replaceable> mode 11g channel <replaceable>1</replaceable>"
Host-based Access Point Without Authentication or Encryption
Although it is not recommended to run an <acronym>AP</acronym> without any authentication or encryption, this is a simple way to check if the <acronym>AP</acronym> is working. This configuration is also important for debugging client issues.
Once the <acronym>AP</acronym> is configured, initiate a scan from another wireless machine to find the <acronym>AP</acronym>:
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> create wlandev <replaceable>ath0</replaceable></userinput>
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> up scan</userinput>
SSID/MESH ID BSSID CHAN RATE S:N INT CAPS
freebsdap 00:11:95:c3:0d:ac 1 54M -66:-96 100 ES WME
The client machine found the <acronym>AP</acronym> and can be associated with it:
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable> inet <replaceable>192.168.0.2</replaceable> netmask <replaceable>255.255.255.0</replaceable> ssid <replaceable>freebsdap</replaceable></userinput>
<prompt>#</prompt> <userinput>ifconfig <replaceable>wlan0</replaceable></userinput>
wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
ether 00:11:95:d5:43:62
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
status: associated
ssid freebsdap channel 1 (2412 Mhz 11g) bssid 00:11:95:c3:0d:ac
country US ecm authmode OPEN privacy OFF txpower 21.5 bmiss 7
scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7
roam:rate 5 protmode CTS wme burst
<acronym>WPA2</acronym> Host-based Access Point
This section focuses on setting up a FreeBSD access point using the <acronym>WPA2</acronym> security protocol. More details regarding <acronym>WPA</acronym> and the configuration of <acronym>WPA</acronym>-based wireless clients can be found in <xref linkend="network-wireless-wpa"/>.
The <citerefentry><refentrytitle>hostapd</refentrytitle><manvolnum>8</manvolnum></citerefentry> daemon is used to deal with client authentication and key management on the <acronym>WPA2</acronym>-enabled <acronym>AP</acronym>.
The following configuration operations are performed on the FreeBSD machine acting as the <acronym>AP</acronym>. Once the <acronym>AP</acronym> is correctly working, <citerefentry><refentrytitle>hostapd</refentrytitle><manvolnum>8</manvolnum></citerefentry> can be automatically started at boot with this line in <filename>/etc/rc.conf</filename>:
hostapd_enable="YES"
Before trying to configure <citerefentry><refentrytitle>hostapd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, first configure the basic settings introduced in <xref linkend="network-wireless-ap-basic"/>.
<acronym>WPA2-PSK</acronym>
<acronym>WPA2-PSK</acronym> is intended for small networks where the use of a backend authentication server is not possible or desired.
The configuration is done in <filename>/etc/hostapd.conf</filename>:
interface=wlan0 <co xml:id="co-ap-wpapsk-iface"/>
debug=1 <co xml:id="co-ap-wpapsk-dbug"/>
ctrl_interface=/var/run/hostapd <co xml:id="co-ap-wpapsk-ciface"/>
ctrl_interface_group=wheel <co xml:id="co-ap-wpapsk-cifacegrp"/>
ssid=freebsdap <co xml:id="co-ap-wpapsk-ssid"/>
wpa=2 <co xml:id="co-ap-wpapsk-wpa"/>
wpa_passphrase=freebsdmall <co xml:id="co-ap-wpapsk-pass"/>
wpa_key_mgmt=WPA-PSK <co xml:id="co-ap-wpapsk-kmgmt"/>
wpa_pairwise=CCMP <co xml:id="co-ap-wpapsk-pwise"/>
Wireless interface used for the access point.

Loading…

No matching activity found.

Browse all component changes

Glossary

English English
No related strings found in the glossary.

Source information

Source string comment
(itstool) path: sect3/para
Flags
read-only
Source string location
book.translate.xml:65535
String age
a year ago
Source string age
a year ago
Translation file
books/handbook.pot, string 10789