Message-ID: <2a7894eb0812101310v2123a452q26b0e07630e7f209@mail.gmail.com>
Date: Wed, 10 Dec 2008 13:10:31 -0800
From: "Murray Stokely"
To: "Giorgos Keramidas"
Cc: freebsd-doc@freebsd.org
Subject: Re: [PATCH] Adding elements to wlan Handbook section
In-Reply-To: <871vwfn418.fsf@kobe.laptop>
References: <871vwfn418.fsf@kobe.laptop>

Is the stylesheet now smart enough to only markup the first occurrence differently? I seem to recall these could get distracting if all instances of an acronym are replaced (either with hyperlinks to definition, or bold, or however we are currently rendering them).

- Murray

On Wed, Dec 10, 2008 at 12:55 PM, Giorgos Keramidas wrote:
> The wireless networking section is one of those I've been translating
> lately, and I noticed that it includes *many* acronyms (AP, BSS, SSID,
> IBSS, WPA, WEP, PSK, TKIP, and so on). The acronyms are practically
> everywhere, so adding tags to them directly into CVS may not
> be a very gentle thing to do.
>
> So here it is, in diff format for your pleasure. Does anyone have
> objections to the patch attached below?
>
> [NOTE: I haven't wrapped any lines, to keep the patch more readable, but
> I know already that some of the touched lines may need a bit of wrap &
> filling after the patch goes in.]
>
> %%%
> diff -r 749797edbbed en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml > --- a/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml Wed Dec 10 22:03:19 2008 +0200 > +++ b/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml Wed Dec 10 22:50:29 2008 +0200 > @@ -21,7 +21,7 @@ > > > > - How to set up IEEE 802.11 and &bluetooth; devices. > + How to set up IEEE 802.11 and &bluetooth; devices. 
> > > > @@ -700,7 +700,7 @@ > > Wireless Networking Basics > > - Most wireless networks are based on the IEEE 802.11 > + Most wireless networks are based on the IEEE 802.11 > standards. A basic wireless network consists of multiple > stations communicating with radios that broadcast in either > the 2.4GHz or 5GHz band (though this varies according to the > @@ -710,19 +710,19 @@ > 802.11 networks are organized in two ways: in > infrastructure mode one station acts as a > master with all the other stations associating to it; the > - network is known as a BSS and the master station is termed an > - access point (AP). In a BSS all communication passes through > - the AP; even when one station wants to communicate with > - another wireless station messages must go through the AP. In > + network is known as a BSS and the master station is termed an > + access point (AP). In a BSS all communication passes through > + the AP; even when one station wants to communicate with > + another wireless station messages must go through the AP. In > the second form of network there is no master and stations > - communicate directly. This form of network is termed an IBSS > + communicate directly. This form of network is termed an IBSS > and is commonly known as an ad-hoc > network. > > 802.11 networks were first deployed in the 2.4GHz band > - using protocols defined by the IEEE 802.11 and 802.11b > + using protocols defined by the IEEE 802.11 and 802.11b > standard. These specifications include the operating > - frequencies, MAC layer characteristics including framing and > + frequencies, MAC layer characteristics including framing and > transmission rates (communication can be done at various > rates). Later the 802.11a standard defined operation in the > 5GHz band, including different signalling mechanisms and 
> @@ -734,51 +734,51 @@ > Separate from the underlying transmission techniques > 802.11 networks have a variety of security mechanisms. The > original 802.11 specifications defined a simple security > - protocol called WEP. This protocol uses a fixed pre-shared key > + protocol called WEP. This protocol uses a fixed pre-shared key > and the RC4 cryptographic cipher to encode data transmitted on > a network. Stations must all agree on the fixed key in order > to communicate. This scheme was shown to be easily broken and > is now rarely used except to discourage transient users from > joining networks. Current security practice is given by the > - IEEE 802.11i specification that defines new cryptographic > + IEEE 802.11i specification that defines new cryptographic > ciphers and an additional protocol to authenticate stations to > an access point and exchange keys for doing data > communication. Further, cryptographic keys are periodically > refreshed and there are mechanisms for detecting intrusion > attempts (and for countering intrusion attempts). Another > security protocol specification commonly used in wireless > - networks is termed WPA. This was a precursor to 802.11i > + networks is termed WPA. This was a precursor to 802.11i > defined by an industry group as an interim measure while > - waiting for 802.11i to be ratified. WPA specifies a subset of > + waiting for 802.11i to be ratified. WPA specifies a subset of > the requirements found in 802.11i and is designed for > - implementation on legacy hardware. Specifically WPA requires > - only the TKIP cipher that is derived from the original WEP > - cipher. 802.11i permits use of TKIP but also requires support > - for a stronger cipher, AES-CCM, for encrypting data. (The AES > - cipher was not required in WPA because it was deemed too > + implementation on legacy hardware. Specifically WPA requires > + only the TKIP cipher that is derived from the original WEP > + cipher. 
802.11i permits use of TKIP but also requires support > + for a stronger cipher, AES-CCM, for encrypting data. (The AES > + cipher was not required in WPA because it was deemed too > computationally costly to be implemented on legacy > hardware.) > > Other than the above protocol standards the other > important standard to be aware of is 802.11e. This defines > protocols for deploying multi-media applications such as > - streaming video and voice over IP (VoIP) in an 802.11 network. > + streaming video and voice over IP (VoIP) in an 802.11 network. > Like 802.11i, 802.11e also has a precursor specification > - termed WME (later renamed WMM) that has been defined by an > + termed WME (later renamed WMM) that has been defined by an > industry group as a subset of 802.11e that can be deployed now > to enable multi-media applications while waiting for the final > ratification of 802.11e. The most important thing to know > - about 802.11e and WME/WMM is that it enables prioritized > + about 802.11e and WME/WMM is that it enables prioritized > traffic use of a wireless network through Quality of Service > (QoS) protocols and enhanced media access protocols. Proper > implementation of these protocols enable high speed bursting > of data and prioritized traffic flow. > > Since the 6.0 version, &os; supports networks that operate > - using 802.11a, 802.11b, and 802.11g. The WPA and 802.11i > + using 802.11a, 802.11b, and 802.11g. The WPA and 802.11i > security protocols are likewise supported (in conjunction with > any of 11a, 11b, and 11g) and QoS and traffic prioritization > - required by the WME/WMM protocols are supported for a limited > + required by the WME/WMM protocols are supported for a limited > set of wireless devices. 
> > > @@ -901,7 +901,7 @@ > > Infrastructure Mode > > - The infrastructure mode or BSS mode is the mode that is > + The infrastructure mode or BSS mode is the mode that is > typically used. In this mode, a number of wireless access > points are connected to a wired network. Each wireless > network has its own name, this name is called the SSID of the > @@ -935,7 +935,7 @@ > The output of a scan request lists each BSS/IBSS > network found. Beside the name of the network, > SSID, we find the > - BSSID which is the MAC address of the > + BSSID which is the MAC address of the > access point. The CAPS field > identifies the type of each network and the capabilities > of the stations operating there: > @@ -945,9 +945,9 @@ > E > > > - Extended Service Set (ESS). Indicates that the > + Extended Service Set (ESS). Indicates that the > station is part of an infrastructure network (in > - contrast to an IBSS/ad-hoc network). > + contrast to an IBSS/ad-hoc network). > > > > @@ -955,8 +955,8 @@ > I > > > - IBSS/ad-hoc network. Indicates that the station > - is part of an ad-hoc network (in contrast to an ESS > + IBSS/ad-hoc network. Indicates that the station > + is part of an ad-hoc network (in contrast to an ESS > network). > > > @@ -966,9 +966,9 @@ > > > Privacy. Data confidentiality is required for > - all data frames exchanged within the BSS. This means > - that this BSS requires the station to use > - cryptographic means such as WEP, TKIP or AES-CCMP to > + all data frames exchanged within the BSS. This means > + that this BSS requires the station to use > + cryptographic means such as WEP, TKIP or AES-CCMP to > encrypt/decrypt data frames being exchanged with > others. > > @@ -1037,7 +1037,7 @@ > > If there are multiple access points and you want to > select a specific one, you can select it by its > - SSID: > + SSID: > > ifconfig_ath0="ssid your_ssid_here DHCP" 
> > @@ -1045,8 +1045,8 @@ > points with the same SSID (often done to simplify > roaming) it may be necessary to associate to one > specific device. In this case you can also specify the > - BSSID of the access point (you can also leave off the > - SSID): > + BSSID of the access point (you can also leave off the > + SSID): > > ifconfig_ath0="ssid your_ssid_here bssid xx:xx:xx:xx:xx:xx DHCP" > > @@ -1084,16 +1084,16 @@ > Other schemes require cryptographic handshakes be > completed before data traffic can flow; either using > pre-shared keys or secrets, or more complex schemes that > - involve backend services such as RADIUS. Most users > + involve backend services such as RADIUS. Most users > will use open authentication which is the default > - setting. Next most common setup is WPA-PSK, also known > - as WPA Personal, which is described + setting. Next most common setup is WPA-PSK, also known > + as WPA Personal, which is described linkend="network-wireless-wpa-wpa-psk">below. > > > If you have an &apple; &airport; Extreme base > station for an access point you may need to configure > - shared-key authentication together with a WEP key. > + shared-key authentication together with a WEP key. > This can be done in the > /etc/rc.conf file or using the > &man.wpa.supplicant.8; program. If you have a single 
> @@ -1103,12 +1103,12 @@ > ifconfig_ath0="authmode shared wepmode on weptxkey 1 wepkey 01234567 DHCP" > > In general shared key authentication is to be > - avoided because it uses the WEP key material in a > + avoided because it uses the WEP key material in a > highly-constrained manner making it even easier to > - crack the key. If WEP must be used (e.g., for > + crack the key. If WEP must be used (e.g., for > compatibility with legacy devices) it is better to use > - WEP with open authentication. More > - information regarding WEP can be found in the + WEP with open authentication. More > + information regarding WEP can be found in the linkend="network-wireless-wep">. > > > @@ -1119,7 +1119,7 @@ > Once you have selected an access point and set the > authentication parameters, you will have to get an IP > address to communicate. Most of time you will obtain > - your wireless IP address via DHCP. To achieve that, > + your wireless IP address via DHCP. To achieve that, > simply edit /etc/rc.conf and add > DHCP to the configuration for your > device as shown in various examples above: > @@ -1149,7 +1149,7 @@ > are connected to the wireless network (to the > dlinkap network in our case). The > bssid 00:13:46:49:41:76 part is the > - MAC address of your access point; the > + MAC address of your access point; the > authmode line informs you that the > communication is not encrypted > (OPEN). > @@ -1159,7 +1159,7 @@ > Static IP Address > > In the case you cannot obtain an IP address from a > - DHCP server, you can set a fixed IP address. Replace > + DHCP server, you can set a fixed IP address. Replace > the DHCP keyword shown above with the > address information. Be sure to retain any other > parameters you have set up for selecting an access 
> @@ -1172,34 +1172,34 @@ > > WPA > > - WPA (Wi-Fi Protected Access) is a security protocol > + WPA (Wi-Fi Protected Access) is a security protocol > used together with 802.11 networks to address the lack of > proper authentication and the weakness of - linkend="network-wireless-wep">WEP. WPA leverages > + linkend="network-wireless-wep">WEP. WPA leverages > the 802.1X authentication protocol and uses one of several > - ciphers instead of WEP for data integrity. The only > - cipher required by WPA is TKIP (Temporary Key Integrity > + ciphers instead of WEP for data integrity. The only > + cipher required by WPA is TKIP (Temporary Key Integrity > Protocol) which is a cipher that extends the basic RC4 > - cipher used by WEP by adding integrity checking, tamper > + cipher used by WEP by adding integrity checking, tamper > detection, and measures for responding to any detected > - intrusions. TKIP is designed to work on legacy hardware > + intrusions. TKIP is designed to work on legacy hardware > with only software modification; it represents a > compromise that improves security but is still not > - entirely immune to attack. WPA also specifies the > - AES-CCMP cipher as an alternative to TKIP and that is > + entirely immune to attack. WPA also specifies the > + AES-CCMP cipher as an alternative to TKIP and that is > preferred when possible; for this specification the term > - WPA2 (or RSN) is commonly used. > - > - WPA defines authentication and encryption protocols. > + WPA2 (or RSN) is commonly used. > + > + WPA defines authentication and encryption protocols. > Authentication is most commonly done using one of two > techniques: by 802.1X and a backend authentication service > - such as RADIUS, or by a minimal handshake between the > + such as RADIUS, or by a minimal handshake between the > station and the access point using a pre-shared secret. > - The former is commonly termed WPA Enterprise with the > - latter known as WPA Personal. 
Since most people will not > - set up a RADIUS backend server for wireless network, > - WPA-PSK is by far the most commonly encountered > - configuration for WPA. > + The former is commonly termed WPA Enterprise with the > + latter known as WPA Personal. Since most people will not > + set up a RADIUS backend server for wireless network, > + WPA-PSK is by far the most commonly encountered > + configuration for WPA. > > The control of the wireless connection and the > authentication (key negotiation or authentication with a > @@ -1212,11 +1212,11 @@ > > WPA-PSK > > - WPA-PSK also known as WPA-Personal is based on a > - pre-shared key (PSK) generated from a given password and > + WPA-PSK also known as WPA-Personal is based on a > + pre-shared key (PSK) generated from a given password and > that will be used as the master key in the wireless > network. This means every wireless user will share the > - same key. WPA-PSK is intended for small networks where > + same key. WPA-PSK is intended for small networks where > the use of an authentication server is not possible or > desired. > > @@ -1237,8 +1237,8 @@ > > Then, in /etc/rc.conf, we > indicate that the wireless device configuration will be > - done with WPA and the IP address will be obtained with > - DHCP: > + done with WPA and the IP address will be obtained with > + DHCP: > > ifconfig_ath0="WPA DHCP" > > @@ -1274,7 +1274,7 @@ > > The next operation is the launch of the > dhclient command to get the IP > - address from the DHCP server: > + address from the DHCP server: > > &prompt.root; dhclient ath0 > DHCPREQUEST on ath0 to 255.255.255.255 port 67 > @@ -1301,7 +1301,7 @@ > keys. > > > - In the case where the use of DHCP is not possible, > + In the case where the use of DHCP is not possible, > you can set a static IP address after > wpa_supplicant has authenticated the > station: 
> @@ -1318,7 +1318,7 @@ > authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit txpowmax 36 > protmode CTS roaming MANUAL bintval 100 > > - When DHCP is not used, you also have to manually set > + When DHCP is not used, you also have to manually set > up the default gateway and the nameserver: > > &prompt.root; route add default your_default_router 
> @@ -1328,29 +1328,29 @@ > > WPA with EAP-TLS > > - The second way to use WPA is with an 802.1X backend > - authentication server, in this case WPA is called > - WPA-Enterprise to make difference with the less secure > - WPA-Personal with its pre-shared key. The > - authentication in WPA-Enterprise is based on EAP > + The second way to use WPA is with an 802.1X backend > + authentication server, in this case WPA is called > + WPA-Enterprise to make difference with the less secure > + WPA-Personal with its pre-shared key. The > + authentication in WPA-Enterprise is based on EAP > (Extensible Authentication Protocol). > > - EAP does not come with an encryption method, it was > - decided to embed EAP inside an encrypted tunnel. Many > - types of EAP authentication methods have been designed, > - the most common methods are EAP-TLS, EAP-TTLS and > - EAP-PEAP. > - > - EAP-TLS (EAP with Transport Layer Security) is a > + EAP does not come with an encryption method, it was > + decided to embed EAP inside an encrypted tunnel. Many > + types of EAP authentication methods have been designed, > + the most common methods are EAP-TLS, EAP-TTLS and > + EAP-PEAP. > + > + EAP-TLS (EAP with Transport Layer Security) is a > very well-supported authentication protocol in the > - wireless world since it was the first EAP method to be > + wireless world since it was the first EAP method to be > certified by the url="http://www.wi-fi.org/">Wi-Fi alliance. > - EAP-TLS will require three certificates to run: the CA > + EAP-TLS will require three certificates to run: the CA > certificate (installed on all machines), the server > certificate for your authentication server, and one > client certificate for each wireless client. 
In this > - EAP method, both authentication server and wireless > + EAP method, both authentication server and wireless > client authenticate each other in presenting their > respective certificates, and they verify that these > certificates were signed by your organization's > @@ -1378,30 +1378,30 @@ > > > > - Here, we use RSN (IEEE 802.11i) protocol, i.e., > + Here, we use RSN (IEEE 802.11i) protocol, i.e., > WPA2. > > > > The key_mgmt line refers to > the key management protocol we use. In our case it > - is WPA using EAP authentication: > + is WPA using EAP authentication: > WPA-EAP. > > > > - In this field, we mention the EAP method for our > + In this field, we mention the EAP method for our > connection. > > > > The identity field contains > - the identity string for EAP. > + the identity string for EAP. > > > > The ca_cert field indicates > - the pathname of the CA certificate file. This file > + the pathname of the CA certificate file. This file > is needed to verify the server certificat. > > > @@ -1457,13 +1457,13 @@ > > WPA with EAP-TTLS > > - With EAP-TLS both the authentication server and the > - client need a certificate, with EAP-TTLS (EAP-Tunneled > + With EAP-TLS both the authentication server and the > + client need a certificate, with EAP-TTLS (EAP-Tunneled > Transport Layer Security) a client certificate is > optional. This method is close to what some secure web > - sites do , where the web server can create a secure SSL > + sites do, where the web server can create a secure SSL > tunnel even if the visitors do not have client-side > - certificates. EAP-TTLS will use the encrypted TLS > + certificates. EAP-TTLS will use the encrypted TLS > tunnel for safe transport of the authentication > data. 
> > @@ -1484,31 +1484,31 @@ > > > > - In this field, we mention the EAP method for our > + In this field, we mention the EAP method for our > connection. > > > > The identity field contains > - the identity string for EAP authentication inside > - the encrypted TLS tunnel. > + the identity string for EAP authentication inside > + the encrypted TLS tunnel. > > > > The password field contains > - the passphrase for the EAP authentication. > + the passphrase for the EAP authentication. > > > > The ca_cert field indicates > - the pathname of the CA certificate file. This file > + the pathname of the CA certificate file. This file > is needed to verify the server certificat. > > > > In this field, we mention the authentication > - method used in the encrypted TLS tunnel. In our > - case, EAP with MD5-Challenge has been used. The > + method used in the encrypted TLS tunnel. In our > + case, EAP with MD5-Challenge has been used. The > inner authentication phase is often > called phase2. 
> > @@ -1542,29 +1542,29 @@ > > WPA with EAP-PEAP > > - PEAP (Protected EAP) has been designed as an > - alternative to EAP-TTLS. There are two types of PEAP > - methods, the most common one is PEAPv0/EAP-MSCHAPv2. In > - the rest of this document, we will use the PEAP term to > - refer to that EAP method. PEAP is the most used EAP > - standard after EAP-TLS, in other words if you have a > - network with mixed OSes, PEAP should be the most > - supported standard after EAP-TLS. > - > - PEAP is similar to EAP-TTLS: it uses a server-side > + PEAP (Protected EAP) has been designed as an > + alternative to EAP-TTLS. There are two types of PEAP > + methods, the most common one is PEAPv0/EAP-MSCHAPv2. In > + the rest of this document, we will use the PEAP term to > + refer to that EAP method. PEAP is the most used EAP > + standard after EAP-TLS, in other words if you have a > + network with mixed OSes, PEAP should be the most > + supported standard after EAP-TLS. > + > + PEAP is similar to EAP-TTLS: it uses a server-side > certificate to authenticate clients by creating an > - encrypted TLS tunnel between the client and the > + encrypted TLS tunnel between the client and the > authentication server, which protects the ensuing > exchange of authentication information. In term of > - security the difference between EAP-TTLS and PEAP is > - that PEAP authentication broadcasts the username in > - clear, only the password is sent in the encrypted TLS > - tunnel. EAP-TTLS will use the TLS tunnel for both > + security the difference between EAP-TTLS and PEAP is > + that PEAP authentication broadcasts the username in > + clear, only the password is sent in the encrypted TLS > + tunnel. EAP-TTLS will use the TLS tunnel for both > username and password. > > We have to edit the > /etc/wpa_supplicant.conf file and > - add the EAP-PEAP related settings: > + add the EAP-PEAP related settings: > > network={ > ssid="freebsdap" 
> @@ -1580,30 +1580,30 @@ > > > > - In this field, we mention the EAP method for our > + In this field, we mention the EAP method for our > connection. > > > > The identity field contains > - the identity string for EAP authentication inside > - the encrypted TLS tunnel. > + the identity string for EAP authentication inside > + the encrypted TLS tunnel. > > > > The password field contains > - the passphrase for the EAP authentication. > + the passphrase for the EAP authentication. > > > > The ca_cert field indicates > - the pathname of the CA certificate file. This file > + the pathname of the CA certificate file. This file > is needed to verify the server certificat. > > > > This field contains the parameters for the > - first phase of the authentication (the TLS > + first phase of the authentication (the TLS > tunnel). According to the authentication server > used, you will have to specify a specific label > for the authentication. Most of time, the label > @@ -1615,8 +1615,8 @@ > > > In this field, we mention the authentication > - protocol used in the encrypted TLS tunnel. In the > - case of PEAP, it is > + protocol used in the encrypted TLS tunnel. In the > + case of PEAP, it is > auth=MSCHAPV2. > > > @@ -1650,7 +1650,7 @@ > > WEP > > - WEP (Wired Equivalent Privacy) is part of the original > + WEP (Wired Equivalent Privacy) is part of the original > 802.11 standard. There is no authentication mechanism, > only a weak form of access control, and it is easily to be > cracked. > @@ -1663,7 +1663,7 @@ > > > > - The weptxkey means which WEP > + The weptxkey means which WEP > key will be used in the transmission. Here we used the > third key. This must match the setting in the access > point. If you do not have any idea of what is the key 
> @@ -1674,7 +1674,7 @@ > > > The wepkey means setting the > - selected WEP key. It should in the format > + selected WEP key. It should in the format > index:key, if the index is > not given, key 1 is set. That is > to say we need to set the index if we use keys other > @@ -1692,7 +1692,7 @@ > page for further information. > > The wpa_supplicant facility also > - can be used to configure your wireless interface with WEP. > + can be used to configure your wireless interface with WEP. > The example above can be set up by adding the following > lines to > /etc/wpa_supplicant.conf: > @@ -1716,11 +1716,11 @@ > > Ad-hoc Mode > > - IBSS mode, also called ad-hoc mode, is designed for point > + IBSS mode, also called ad-hoc mode, is designed for point > to point connections. For example, to establish an ad-hoc > network between the machine A and the machine > B we will just need to choose two IP adresses > - and a SSID. > + and a SSID. > > On the box A: > > @@ -1736,7 +1736,7 @@ > authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100 > > The adhoc parameter indicates the > - interface is running in the IBSS mode. > + interface is running in the IBSS mode. > > On B, we should be able to detect > A: > @@ -1769,14 +1769,14 @@ > &os; Host Access Points > > &os; can act as an Access Point (AP) which eliminates the > - need to buy a hardware AP or run an ad-hoc network. This can be > + need to buy a hardware AP or run an ad-hoc network. This can be > particularly useful when your &os; machine is acting as a > gateway to another network (e.g., the Internet). > > > Basic Settings > > - Before configuring your &os; machine as an AP, the > + Before configuring your &os; machine as an AP, the > kernel must be configured with the appropriate wireless > networking support for your wireless card. You also have to > add the support for the security protocols you intend to 
> @@ -1785,8 +1785,8 @@ > > > The use of the NDIS driver wrapper and the &windows; > - drivers do not allow currently the AP operation. Only > - native &os; wireless drivers support AP mode. > + drivers do not allow currently the AP operation. Only > + native &os; wireless drivers support AP mode. > > > Once the wireless networking support is loaded, you can > @@ -1799,12 +1799,12 @@ > This output displays the card capabilities; the > HOSTAP word confirms this wireless card > can act as an Access Point. Various supported ciphers are > - also mentioned: WEP, TKIP, WPA2, etc., these informations > + also mentioned: WEP, TKIP, WPA2, etc., these informations > are important to know what security protocols could be set > on the Access Point. > > The wireless device can now be put into hostap mode and > - configured with the correct SSID and IP address: > + configured with the correct SSID and IP address: > > &prompt.root; ifconfig ath0 ssid freebsdap mode 11g mediaopt hostap inet 192.168.0.1 netmask 255.255.255.0 > > @@ -1836,12 +1836,12 @@ > Host-based Access Point without Authentication or > Encryption > > - Although it is not recommended to run an AP without any > + Although it is not recommended to run an AP without any > authentication or encryption, this is a simple way to check > - if your AP is working. This configuration is also important > + if your AP is working. This configuration is also important > for debugging client issues. > > - Once the AP configured as previously shown, it is > + Once the AP configured as previously shown, it is > possible from another wireless machine to initiate a scan to > find the AP: 
> > @@ -1868,17 +1868,17 @@ > WPA Host-based Access Point > > This section will focus on setting up &os; Access Point > - using the WPA security protocol. More details regarding WPA > - and the configuration of WPA-based wireless clients can be > + using the WPA security protocol. More details regarding WPA > + and the configuration of WPA-based wireless clients can be > found in the . > > The hostapd daemon is used to > deal with client authentication and keys management on the > - WPA enabled Access Point. > + WPA enabled Access Point. > > In the following, all the configuration operations will > - be performed on the &os; machine acting as AP. Once the > - AP is correctly working, hostapd > + be performed on the &os; machine acting as AP. Once the > + AP is correctly working, hostapd > should be automatically enabled at boot with the following > line in /etc/rc.conf: > > @@ -1892,7 +1892,7 @@ > > WPA-PSK > > - WPA-PSK is intended for small networks where the use > + WPA-PSK is intended for small networks where the use > of an backend authentication server is not possible or > desired. > > @@ -1944,14 +1944,14 @@ > > > The wpa field enables WPA and > - specifies which WPA authentication protocol will be > + specifies which WPA authentication protocol will be > required. A value of 1 configures the > AP for WPA-PSK. > > > > The wpa_passphrase field > - contains the ASCII passphrase for the WPA > + contains the ASCII passphrase for the WPA > authentication. 
> > > @@ -1964,17 +1964,17 @@ > > The wpa_key_mgmt line refers to > the key management protocol we use. In our case it is > - WPA-PSK. > + WPA-PSK. > > > > The wpa_pairwise field > indicates the set of accepted encryption algorithms by > - the Access Point. Here both TKIP (WPA) and CCMP > - (WPA2) ciphers are accepted. CCMP cipher is an > - alternative to TKIP and that is strongly preferred > - when possible; TKIP should be used solely for stations > - incapable of doing CCMP. > + the Access Point. Here both TKIP (WPA) and CCMP > + (WPA2) ciphers are accepted. CCMP cipher is an > + alternative to TKIP and that is strongly preferred > + when possible; TKIP should be used solely for stations > + incapable of doing CCMP. > > > > @@ -1996,7 +1996,7 @@ > The Access Point is running, the clients can now be > associated with it, see linkend="network-wireless-wpa"> for more details. It is > - possible to see the stations associated with the AP using > + possible to see the stations associated with the AP using > the ifconfig ath0 list > sta command. 
> > @@ -2005,22 +2005,22 @@ > > WEP Host-based Access Point > > - It is not recommended to use WEP for setting up an > + It is not recommended to use WEP for setting up an > Access Point since there is no authentication mechanism and > it is easily to be cracked. Some legacy wireless cards only > - support WEP as security protocol, these cards will only > - allow to set up AP without authentication or encryption or > - using the WEP protocol. > + support WEP as security protocol, these cards will only > + allow to set up AP without authentication or encryption or > + using the WEP protocol. > > The wireless device can now be put into hostap mode and > - configured with the correct SSID and IP address: > + configured with the correct SSID and IP address: > > &prompt.root; ifconfig ath0 ssid freebsdap wepmode on weptxkey 3 wepkey 3:0x3456789012 mode 11g mediaopt hostap \ > inet 192.168.0.1 netmask 255.255.255.0 > > > > - The weptxkey means which WEP > + The weptxkey means which WEP > key will be used in the transmission. Here we used the > third key (note that the key numbering starts with > 1). This parameter must be specified > @@ -2029,7 +2029,7 @@ > > > The wepkey means setting the > - selected WEP key. It should in the format > + selected WEP key. It should in the format > index:key, if the index is > not given, key 1 is set. That is > to say we need to set the index if we use keys other > @@ -2084,7 +2084,7 @@ > access point. This includes the authentication scheme and > any security protocols. Simplify your configuration as > much as possible. If you are using a security protocol > - such as WPA or WEP configure the access point for open > + such as WPA or WEP configure the access point for open > authentication and no security to see if you can get > traffic to pass. 
> > @@ -3245,7 +3245,7 @@ > lacp > > > - Supports the IEEE 802.3ad Link Aggregation Control Protocol > + Supports the IEEE 802.3ad Link Aggregation Control Protocol > (LACP) and the Marker Protocol. LACP will negotiate a set of > aggregable links with the peer in to one or more Link Aggregated > Groups. Each LAG is composed of ports of the same speed, set to > %%% >