Lines Matching +full:switch +full:- +full:freq +full:- +full:select
4 Copyright (c) 2003-2024, Jouni Malinen <j@w1.fi> and contributors
16 -------
32 3. Neither the name(s) of the above-listed copyright holder(s) nor the
51 --------
54 - WPA-PSK ("WPA-Personal")
55 - WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
58 * EAP-TLS
59 * EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
60 * EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
61 * EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
62 * EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
63 * EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)
64 * EAP-TTLS/EAP-MD5-Challenge
65 * EAP-TTLS/EAP-GTC
66 * EAP-TTLS/EAP-OTP
67 * EAP-TTLS/EAP-MSCHAPv2
68 * EAP-TTLS/EAP-TLS
69 * EAP-TTLS/MSCHAPv2
70 * EAP-TTLS/MSCHAP
71 * EAP-TTLS/PAP
72 * EAP-TTLS/CHAP
73 * EAP-SIM
74 * EAP-AKA
75 * EAP-AKA'
76 * EAP-PSK
77 * EAP-PAX
78 * EAP-SAKE
79 * EAP-IKEv2
80 * EAP-GPSK
81 * EAP-pwd
86 * EAP-MD5-Challenge
87 * EAP-MSCHAPv2
88 * EAP-GTC
89 * EAP-OTP
90 - key management for CCMP, TKIP, WEP104, WEP40
91 - RSN/WPA2 (IEEE 802.11i)
92 * pre-authentication
96 - OpenSSL (default)
97 - GnuTLS
100 - can be used in place of an external TLS/crypto library
101 - TLSv1
102 - X.509 certificate processing
103 - PKCS #1
104 - ASN.1
105 - RSA
106 - bignum
107 - minimal size (ca. 50 kB binary, parts of which are already needed for WPA;
112 ------------
115 - Linux kernel 2.4.x or 2.6.x with Linux Wireless Extensions v15 or newer
116 - FreeBSD 6-CURRENT
117 - NetBSD-current
118 - Microsoft Windows with WinPcap (at least WinXP, may work with other versions)
119 - drivers:
123 interface driver_nl80211 (-Dnl80211 on wpa_supplicant command line)
128 Linux wireless extensions (WE-18 or newer). Obsoleted by nl80211.
137 At the moment, this is for FreeBSD 6-CURRENT branch and NetBSD-current.
141 See README-Windows.txt for more information.
150 driver-specific interface code in wpa_supplicant.
153 - libpcap (tested with 0.7.2, most relatively recent versions assumed to work,
156 - libdnet (tested with v1.4, most versions assumed to work,
167 Optional libraries for EAP-TLS, EAP-PEAP, and EAP-TTLS:
168 - OpenSSL (tested with 1.0.1 and 1.0.2 versions; assumed to
171 - GnuTLS
172 - internal TLSv1 implementation
174 One of these libraries is needed when EAP-TLS, EAP-PEAP, EAP-TTLS, or
175 EAP-FAST support is enabled. WPA-PSK mode does not require this or EAPOL/EAP
177 needed to enable IEEE 802.1X/EAPOL and EAP methods. Note that EAP-MD5,
178 EAP-GTC, EAP-OTP, and EAP-MSCHAPV2 cannot be used alone with WPA, so
181 algorithms with EAP-PEAP and EAP-TTLS.
189 ---
199 Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the
202 is called Wi-Fi Protected Access<TM> (WPA). This has now become a
204 by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web
205 site (http://www.wi-fi.org/OpenSection/protected_access.asp).
208 for protecting wireless networks. WEP uses RC4 with 40-bit keys,
209 24-bit initialization vector (IV), and CRC32 to protect against packet
214 protection, and non-keyed authentication does not protect against bit
221 per-packet RC4 keys. In addition, it implements replay protection,
226 IEEE 802.1X is using or pre-shared keys without need for additional
227 servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal",
231 WPA implements a new key handshake (4-Way Handshake and Group Key
242 -------------------
246 June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new
248 robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC)
250 messages in initial key handshake, pre-authentication, and PMKSA caching).
255 --------------
266 example text-based frontend, wpa_cli, is included with wpa_supplicant.
270 - wpa_supplicant requests the kernel driver to scan neighboring BSSes
271 - wpa_supplicant selects a BSS based on its configuration
272 - wpa_supplicant requests the kernel driver to associate with the chosen
274 - If WPA-EAP: integrated IEEE 802.1X Supplicant completes EAP
277 - If WPA-EAP: master key is received from the IEEE 802.1X Supplicant
278 - If WPA-PSK: wpa_supplicant uses PSK as the master session key
279 - wpa_supplicant completes WPA 4-Way Handshake and Group Key Handshake
281 - wpa_supplicant configures encryption keys for unicast and broadcast
282 - normal data packets can be transmitted and received
287 -----------------------
290 select which parts of it will be included. This is done by creating a
297 The build time configuration can be used to select only the needed
301 methods (e.g., EAP-TLS, EAP-PEAP, ..) are included.
329 authentication algorithm (for EAP-SIM/EAP-AKA/EAP-AKA'). This requires pcsc-lite
334 Following options can be added to .config to select which driver
367 EAP-PEAP and EAP-TTLS will automatically include configured EAP
391 wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
396 wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
400 interface to use by including -D<driver name> option on the command
407 --------------------
410 wpa_supplicant [-BddfhKLqqtuvW] [-P<pid file>] [-g<global ctrl>] \
411 [-G<group>] \
412 -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] [-p<driver_param>] \
413 [-b<br_ifname> [-MN -i<ifname> -c<conf> [-C<ctrl>] [-D<driver>] \
414 [-p<driver_param>] [-b<br_ifname>] [-m<P2P Device config file>] ...
417 -b = optional bridge interface name
418 -B = run daemon in the background
419 -c = Configuration file
420 -C = ctrl_interface parameter (only used if -c is not)
421 -i = interface name
422 -d = increase debugging verbosity (-dd even more)
423 -D = driver name (can be multiple drivers: nl80211,wext)
424 -f = Log output to default log location (normally /tmp)
425 -g = global ctrl_interface
426 -G = global ctrl_interface group
427 -K = include keys (passwords, etc.) in debug output
428 -t = include timestamp in debug messages
429 -h = show this help text
430 -L = show license (BSD)
431 -p = driver parameters
432 -P = PID file
433 -q = decrease debugging verbosity (-qq even less)
434 -u = enable DBus control interface
435 -v = show version
436 -W = wait for a control interface monitor before starting
437 -M = start describing matching interface
438 -N = start describing new interface
439 -m = Configuration file for the P2P Device
446 roboswitch = wpa_supplicant Broadcom switch driver
453 wpa_supplicant -B -c/etc/wpa_supplicant.conf -iwlan0
461 wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d
468 wpa_supplicant -Dnl80211,wext -c/etc/wpa_supplicant.conf -iwlan0
474 separated with -N argument. As an example, following command would
478 -c wpa1.conf -i wlan0 -D nl80211 -N \
479 -c wpa2.conf -i wlan1 -D wext
484 matched interface is separated with -M argument and the -i argument now
493 -M -c wpa_wired.conf -ilan0 -D wired \
494 -M -c wpa1.conf -iwlan* \
495 -M -c wpa2.conf
502 wpa_supplicant -cw.conf -Dnl80211 -iwlan0 -bbr0
506 ------------------
509 networks and security policies, including pre-shared keys. See
514 to wpa_supplicant ('killall -HUP wpa_supplicant'). Similarly,
518 for each used SSID. wpa_supplicant will automatically select the best
525 1) WPA-Personal (PSK) as home network and WPA-Enterprise with EAP-TLS as work
536 key_mgmt=WPA-PSK
540 # work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
544 key_mgmt=WPA-EAP
556 2) WPA-RADIUS/EAP-PEAP/MSCHAPv2 with RADIUS servers that use old peaplabel
557 (e.g., Funk Odyssey and SBR, Meetinghouse Aegis, Interlink RAD-Series)
564 key_mgmt=WPA-EAP
574 3) EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
582 key_mgmt=WPA-EAP
593 broadcast); use EAP-TLS for authentication
598 ssid="1x-test"
621 key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
641 'roboswitch' interface (-Dwired or -Droboswitch on command line).
657 ------------
659 Some EAP authentication methods require use of certificates. EAP-TLS
660 uses both server side and client certificates whereas EAP-PEAP and
661 EAP-TTLS only require the server side certificate. When client
675 openssl pkcs12 -in example.pfx -out user.pem -clcerts
677 openssl pkcs12 -in example.pfx -out ca.pem -cacerts -nokeys
682 -------
684 wpa_cli is a text-based frontend program for interacting with
694 used to implement, e.g., one-time-passwords or generic token card
696 challenge-response that uses an external device for generating the
700 non-root user access (ctrl_interface_group in the configuration
721 "CTRL-REQ-<type>-<id>:<text>" prefix. <type> is IDENTITY, PASSWORD, or
722 OTP (one-time-password). <id> is a unique identifier for the current
734 implement one-time-password lists and generic token card -based
739 CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
742 Example request for generic token card challenge-response:
744 CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
753 interface [ifname] = show interfaces/select interface
761 reconfigure = force wpa_supplicant to re-read its configuration file
766 otp <network id> <password> = configure one-time-password for an SSID
771 select_network <network id> = select a network (disable others)
790 wpa_cli [-p<path to ctrl sockets>] [-i<ifname>] [-hvB] [-a<action file>] \
791 [-P<pid file>] [-g<global ctrl>] [command..]
792 -h = help (show this usage text)
793 -v = shown version information
794 -a = run in daemon mode executing the action file based on events from
796 -B = run a daemon in the background
802 -----------------------------------------------------------
811 default interface (-i can be used to select the interface in case of
814 wpa_cli -a/sbin/wpa_action.sh -B
816 The action file (-a option, /sbin/wpa_action.sh in this example) will
833 SSID=`wpa_cli -i$IFNAME status | grep ^ssid= | cut -f2- -d=`
844 Integrating with pcmcia-cs/cardmgr scripts
845 ------------------------------------------
849 pcmcia-cs/cardmgr scripts (when using PC Cards). WPA handshake must be
853 For example, following small changes to pcmcia-cs scripts can be used
862 if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
863 /usr/local/bin/wpa_supplicant -B -c/etc/wpa_supplicant.conf \
864 -i$DEVICE
870 if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
880 ---------------------------------------------------------------
886 through a per-network interface control interface. For example,
892 wpa_supplicant -g/var/run/wpa_supplicant-global -B
896 wpa_cli -g/var/run/wpa_supplicant-global interface_add wlan0 \
900 wpa_cli -iwlan0 add_network
901 wpa_cli -iwlan0 set_network 0 ssid '"test"'
902 wpa_cli -iwlan0 set_network 0 key_mgmt WPA-PSK
903 wpa_cli -iwlan0 set_network 0 psk '"12345678"'
904 wpa_cli -iwlan0 set_network 0 pairwise TKIP
905 wpa_cli -iwlan0 set_network 0 group TKIP
906 wpa_cli -iwlan0 set_network 0 proto WPA
907 wpa_cli -iwlan0 enable_network 0
910 # with the WPA-PSK network using SSID test.
913 wpa_cli -g/var/run/wpa_supplicant-global interface_remove wlan0
917 --------------------
924 unprivileged process (wpa_supplicant) that can be run as non-root
942 wpa_supplicant can be run as a non-root user (e.g., all standard users
943 on a laptop or as a special non-privileged user account created just
948 - create user group for users that are allowed to use wpa_supplicant
951 - create /var/run/wpa_priv directory for UNIX domain sockets and control
956 - start wpa_priv as root (e.g., from system startup scripts) with the
958 wpa_priv -B -P /var/run/wpa_priv.pid nl80211:wlan0
959 - run wpa_supplicant as non-root with a user that is in wpapriv group:
960 wpa_supplicant -i ath0 -c wpa_supplicant.conf
983 ------------------------------------------------
1017 -----------------------------------
1023 "RADIO_WORK add <name> [freq=<MHz>] [timeout=<seconds>]" command can be
1024 used to reserve a slot for radio access. If freq is specified, other
1033 Once the radio work item has been started, "EXT-RADIO-WORK-START <id>"
1039 and send "EXT-RADIO-WORK-TIMEOUT <id>" event to indicate that this has
1047 <3>EXT-RADIO-WORK-START 1
1058 ext:test freq=2412 timeout=30@wlan0:2412:1:28.583483
1059 <3>EXT-RADIO-WORK-TIMEOUT 2
1062 > radio_work add test2 freq=2412 timeout=60
1064 <3>EXT-RADIO-WORK-START 5
1070 ext:test2 freq=2412 timeout=60@wlan0:2412:1:9.751844
1076 ext:test2 freq=2412 timeout=60@wlan0:2412:1:16.287869
1080 <3>EXT-RADIO-WORK-START 7
1081 <3>EXT-RADIO-WORK-TIMEOUT 7
1085 ----------------------
1087 DSCP policy procedures defined in WFA QoS Management-R2 program
1102 - Control interface event message format to indicate DSCP request start
1104 <3>CTRL-EVENT-DSCP-POLICY request_start [clear_all] [more]
1106 clear_all - AP requested to clear all DSCP policies configured earlier
1107 more - AP may request to configure more DSCP policies with new DSCP
1110 - Control interface event message format to add new policy
1112 <3>CTRL-EVENT-DSCP-POLICY add <policy_id> <dscp_value> <ip_version=0|4|6>
1124 - Control interface event message format to remove a particular policy,
1127 <3>CTRL-EVENT-DSCP-POLICY remove <policy_id>
1129 - DSCP policy may get rejected due to invalid policy parameters. Control
1132 <3>CTRL-EVENT-DSCP-POLICY reject <policy_id>
1134 - Control interface event message format to indicate end of DSCP request.
1136 <3>CTRL-EVENT-DSCP-POLICY request_end
1138 - External applications shall clear active DSCP policies upon receiving
1139 "CTRL-EVENT-DISCONNECTED" or "CTRL-EVENT-DSCP-POLICY clear_all" events.
1141 - Control interface event message format to indicate wpa_supplicant started
1144 <3>CTRL-EVENT-DSCP-POLICY request_wait start
1146 - Control interface event message format to indicate timeout to receive the
1150 <3>CTRL-EVENT-DSCP-POLICY request_wait end