Date: Tue, 29 May 2012 05:31:22 +0000 (UTC) From: Warren Block <wblock@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r38927 - head/en_US.ISO8859-1/books/handbook/advanced-networking Message-ID: <201205290531.q4T5VMpd055374@svn.freebsd.org>
Author: wblock Date: Tue May 29 05:31:22 2012 New Revision: 38927 URL: http://svn.freebsd.org/changeset/doc/38927 Log: Whitespace-only fixes for indentation and long lines. Translators, please ignore. Modified: head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml Modified: head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml Mon May 28 18:06:06 2012 (r38926) +++ head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml Tue May 29 05:31:22 2012 (r38927) @@ -21,7 +21,8 @@ </listitem> <listitem> - <para>How to set up &ieee; 802.11 and &bluetooth; devices.</para> + <para>How to set up &ieee; 802.11 and &bluetooth; + devices.</para> </listitem> <listitem> @@ -29,11 +30,13 @@ </listitem> <listitem> - <para>How to set up network booting on a diskless machine.</para> + <para>How to set up network booting on a diskless + machine.</para> </listitem> <listitem> - <para>How to set up network PXE booting with an NFS root file system.</para> + <para>How to set up network PXE booting with an NFS root file + system.</para> </listitem> <listitem> @@ -62,7 +65,8 @@ <itemizedlist> <listitem> - <para>Understand the basics of the <filename>/etc/rc</filename> scripts.</para> + <para>Understand the basics of the + <filename>/etc/rc</filename> scripts.</para> </listitem> <listitem> @@ -70,13 +74,13 @@ </listitem> <listitem> - <para>Know how to configure and install a new FreeBSD kernel - (<xref linkend="kernelconfig">).</para> + <para>Know how to configure and install a new FreeBSD kernel + (<xref linkend="kernelconfig">).</para> </listitem> <listitem> - <para>Know how to install additional third-party - software (<xref linkend="ports">).</para> + <para>Know how to install additional third-party + software (<xref linkend="ports">).</para> </listitem> </itemizedlist> 
@@ -85,18 +89,20 @@ <sect1 id="network-routing"> <sect1info> <authorgroup> - <author> - <firstname>Coranth</firstname> - <surname>Gryphon</surname> + <author> + <firstname>Coranth</firstname> + <surname>Gryphon</surname> <contrib>Contributed by </contrib> - </author> + </author> </authorgroup> </sect1info> + <title>Gateways and Routes</title> <indexterm><primary>routing</primary></indexterm> <indexterm><primary>gateway</primary></indexterm> <indexterm><primary>subnet</primary></indexterm> + <para>For one machine to be able to find another over a network, there must be a mechanism in place to describe how to get from one to the other. This is called @@ -111,14 +117,13 @@ bit more about default routes later on. There are also three types of gateways: individual hosts, interfaces (also called <quote>links</quote>), and Ethernet hardware addresses (MAC - addresses). - </para> + addresses).</para> <sect2> <title>An Example</title> - <para>To illustrate different aspects of routing, we will use the - following example from <command>netstat</command>:</para> + <para>To illustrate different aspects of routing, we will use + the following example from <command>netstat</command>:</para> <screen>&prompt.user; <userinput>netstat -r</userinput> Routing tables @@ -137,8 +142,9 @@ host2.example.com link#1 UC <indexterm><primary>default route</primary></indexterm> <para>The first two lines specify the default route (which we - will cover in the <link linkend="network-routing-default">next - section</link>) and the <hostid>localhost</hostid> route.</para> + will cover in the + <link linkend="network-routing-default">next section</link>) + and the <hostid>localhost</hostid> route.</para> <indexterm><primary>loopback device</primary></indexterm> <para>The interface (<literal>Netif</literal> column) that this 
@@ -150,8 +156,8 @@ host2.example.com link#1 UC started.</para> <indexterm> - <primary>Ethernet</primary> - <secondary>MAC address</secondary> + <primary>Ethernet</primary> + <secondary>MAC address</secondary> </indexterm> <para>The next thing that stands out are the addresses beginning with <hostid role="mac">0:e0:</hostid>. These are Ethernet 
@@ -169,24 +175,28 @@ host2.example.com link#1 UC based upon a shortest path determination.</para> <indexterm><primary>subnet</primary></indexterm> - <para>FreeBSD will also add subnet routes for the local subnet (<hostid - role="ipaddr">10.20.30.255</hostid> is the broadcast address for the - subnet <hostid role="ipaddr">10.20.30</hostid>, and <hostid - role="domainname">example.com</hostid> is the domain name associated - with that subnet). The designation <literal>link#1</literal> refers - to the first Ethernet card in the machine. You will notice no - additional interface is specified for those.</para> - - <para>Both of these groups (local network hosts and local subnets) have - their routes automatically configured by a daemon called - <application>routed</application>. If this is not run, then only - routes which are statically defined (i.e., entered explicitly) will - exist.</para> - - <para>The <literal>host1</literal> line refers to our host, which it - knows by Ethernet address. Since we are the sending host, FreeBSD - knows to use the loopback interface (<devicename>lo0</devicename>) - rather than sending it out over the Ethernet interface.</para> + + <para>FreeBSD will also add subnet routes for the local subnet + (<hostid role="ipaddr">10.20.30.255</hostid> is the broadcast + address for the subnet + <hostid role="ipaddr">10.20.30</hostid>, and + <hostid role="domainname">example.com</hostid> is the domain + name associated with that subnet). The designation + <literal>link#1</literal> refers to the first Ethernet card in + the machine. You will notice no additional interface is + specified for those.</para> + + <para>Both of these groups (local network hosts and local + subnets) have their routes automatically configured by a + daemon called <application>routed</application>. 
If this is + not run, then only routes which are statically defined (i.e., + entered explicitly) will exist.</para> + + <para>The <literal>host1</literal> line refers to our host, + which it knows by Ethernet address. Since we are the sending + host, FreeBSD knows to use the loopback interface + (<devicename>lo0</devicename>) rather than sending it out over + the Ethernet interface.</para> <para>The two <literal>host2</literal> lines are an example of what happens when we use an &man.ifconfig.8; alias (see the @@ -199,8 +209,9 @@ host2.example.com link#1 UC hosts on the local network will simply have a <literal>link#1</literal> line for such routes.</para> - <para>The final line (destination subnet <hostid role="ipaddr">224</hostid>) deals - with multicasting, which will be covered in another section.</para> + <para>The final line (destination subnet + <hostid role="ipaddr">224</hostid>) deals with multicasting, + which will be covered in another section.</para> <para>Finally, various attributes of each route can be seen in the <literal>Flags</literal> column. Below is a short table @@ -219,14 +230,15 @@ host2.example.com link#1 UC <row> <entry>H</entry> - <entry>Host: The route destination is a single host.</entry> + <entry>Host: The route destination is a single + host.</entry> </row> <row> <entry>G</entry> - <entry>Gateway: Send anything for this destination on to this - remote system, which will figure out from there where to send - it.</entry> + <entry>Gateway: Send anything for this destination on to + this remote system, which will figure out from there + where to send it.</entry> </row> <row> 
@@ -237,15 +249,16 @@ host2.example.com link#1 UC <row> <entry>C</entry> - <entry>Clone: Generates a new route based upon this route for - machines we connect to. This type of route is normally used - for local networks.</entry> + <entry>Clone: Generates a new route based upon this + route for machines we connect to. This type of route + is normally used for local networks.</entry> </row> <row> <entry>W</entry> - <entry>WasCloned: Indicated a route that was auto-configured - based upon a local area network (Clone) route.</entry> + <entry>WasCloned: Indicated a route that was + auto-configured based upon a local area network + (Clone) route.</entry> </row> <row> 
@@ -262,27 +275,29 @@ host2.example.com link#1 UC <title>Default Routes</title> <indexterm><primary>default route</primary></indexterm> - <para>When the local system needs to make a connection to a remote host, - it checks the routing table to determine if a known path exists. If - the remote host falls into a subnet that we know how to reach (Cloned - routes), then the system checks to see if it can connect along that - interface.</para> - <para>If all known paths fail, the system has one last option: the - <quote>default</quote> route. This route is a special type of gateway - route (usually the only one present in the system), and is always - marked with a <literal>c</literal> in the flags field. For hosts on a - local area network, this gateway is set to whatever machine has a - direct connection to the outside world (whether via PPP link, - DSL, cable modem, T1, or another network interface).</para> - - <para>If you are configuring the default route for a machine which - itself is functioning as the gateway to the outside world, then the - default route will be the gateway machine at your Internet Service - Provider's (ISP) site.</para> + <para>When the local system needs to make a connection to a + remote host, it checks the routing table to determine if a + known path exists. If the remote host falls into a subnet + that we know how to reach (Cloned routes), then the system + checks to see if it can connect along that interface.</para> + + <para>If all known paths fail, the system has one last option: + the <quote>default</quote> route. This route is a special + type of gateway route (usually the only one present in the + system), and is always marked with a <literal>c</literal> in + the flags field. 
For hosts on a local area network, this + gateway is set to whatever machine has a direct connection to + the outside world (whether via PPP link, DSL, cable modem, T1, + or another network interface).</para> + + <para>If you are configuring the default route for a machine + which itself is functioning as the gateway to the outside + world, then the default route will be the gateway machine at + your Internet Service Provider's (ISP) site.</para> - <para>Let us look at an example of default routes. This is a common - configuration:</para> + <para>Let us look at an example of default routes. This is a + common configuration:</para> <mediaobject> <imageobject> @@ -303,7 +318,8 @@ host2.example.com link#1 UC a local area network to another gateway computer through an external interface to the ISPs Internet feed.</para> - <para>The default routes for each of your machines will be:</para> + <para>The default routes for each of your machines will + be:</para> <informaltable frame="none" pgwide="1"> <tgroup cols="3"> 
@@ -332,22 +348,24 @@ host2.example.com link#1 UC </informaltable> <para>A common question is <quote>Why (or how) would we set - the <hostid>T1-GW</hostid> to be the default gateway for - <hostid>Local1</hostid>, rather than the ISP server it is - connected to?</quote>.</para> - - <para>Remember, since the PPP interface is using an address on the ISP's - local network for your side of the connection, routes for any other - machines on the ISP's local network will be automatically generated. - Hence, you will already know how to reach the <hostid>T1-GW</hostid> - machine, so there is no need for the intermediate step - of sending traffic to the ISP server.</para> - - <para>It is common to use the address <hostid - role="ipaddr">X.X.X.1</hostid> as the gateway address for your local - network. So (using the same example), if your local class-C address - space was <hostid role="ipaddr">10.20.30</hostid> and your ISP was - using <hostid role="ipaddr">10.9.9</hostid> then the default routes + the <hostid>T1-GW</hostid> to be the default gateway for + <hostid>Local1</hostid>, rather than the ISP server it is + connected to?</quote>.</para> + + <para>Remember, since the PPP interface is using an address on + the ISP's local network for your side of the connection, + routes for any other machines on the ISP's local network will + be automatically generated. Hence, you will already know how + to reach the <hostid>T1-GW</hostid> machine, so there is no + need for the intermediate step of sending traffic to the ISP + server.</para> + + <para>It is common to use the address + <hostid role="ipaddr">X.X.X.1</hostid> as the gateway address + for your local network. So (using the same example), if your + local class-C address space was + <hostid role="ipaddr">10.20.30</hostid> and your ISP was using + <hostid role="ipaddr">10.9.9</hostid> then the default routes would be:</para> <informaltable frame="none" pgwide="1"> 
@@ -363,6 +381,7 @@ host2.example.com link#1 UC <entry>Local2 (10.20.30.2)</entry> <entry>Local1 (10.20.30.1)</entry> </row> + <row> <entry>Local1 (10.20.30.1, 10.9.9.30)</entry> <entry>T1-GW (10.9.9.1)</entry> @@ -372,9 +391,9 @@ host2.example.com link#1 UC </informaltable> <para>You can easily define the default route via the - <filename>/etc/rc.conf</filename> file. In our example, on the - <hostid>Local2</hostid> machine, we added the following line - in <filename>/etc/rc.conf</filename>:</para> + <filename>/etc/rc.conf</filename> file. In our example, on + the <hostid>Local2</hostid> machine, we added the following + line in <filename>/etc/rc.conf</filename>:</para> <programlisting>defaultrouter="10.20.30.1"</programlisting> @@ -391,12 +410,13 @@ host2.example.com link#1 UC <title>Dual Homed Hosts</title> <indexterm><primary>dual homed hosts</primary></indexterm> - <para>There is one other type of configuration that we should cover, and - that is a host that sits on two different networks. Technically, any - machine functioning as a gateway (in the example above, using a PPP - connection) counts as a dual-homed host. But the term is really only - used to refer to a machine that sits on two local-area - networks.</para> + + <para>There is one other type of configuration that we should + cover, and that is a host that sits on two different networks. + Technically, any machine functioning as a gateway (in the + example above, using a PPP connection) counts as a dual-homed + host. But the term is really only used to refer to a machine + that sits on two local-area networks.</para> <para>In one case, the machine has two Ethernet cards, each having an address on the separate subnets. Alternately, the 
@@ -406,16 +426,16 @@ host2.example.com link#1 UC if there is one physical network segment, but two logically separate subnets.</para> - <para>Either way, routing tables are set up so that each subnet knows - that this machine is the defined gateway (inbound route) to the other - subnet. This configuration, with the machine acting as a router - between the two subnets, is often used when we need to implement - packet filtering or firewall security in either or both - directions.</para> + <para>Either way, routing tables are set up so that each subnet + knows that this machine is the defined gateway (inbound route) + to the other subnet. This configuration, with the machine + acting as a router between the two subnets, is often used when + we need to implement packet filtering or firewall security in + either or both directions.</para> <para>If you want this machine to actually forward packets - between the two interfaces, you need to tell FreeBSD to enable - this ability. See the next section for more details on how + between the two interfaces, you need to tell FreeBSD to enable + this ability. See the next section for more details on how to do this.</para> </sect2> @@ -436,7 +456,8 @@ host2.example.com link#1 UC <para>This option will set the &man.sysctl.8; variable <varname>net.inet.ip.forwarding</varname> to <literal>1</literal>. If you should need to stop routing - temporarily, you can reset this to <literal>0</literal> temporarily.</para> + temporarily, you can reset this to <literal>0</literal> + temporarily.</para> <indexterm><primary>BGP</primary></indexterm> <indexterm><primary>RIP</primary></indexterm> 
@@ -448,8 +469,9 @@ host2.example.com link#1 UC version 2) and IRDP. Support for BGP v4, OSPF v2, and other sophisticated routing protocols is available with the <filename role="package">net/zebra</filename> package. - Commercial products such as <application>&gated;</application> are also available for more - complex network routing solutions.</para> + Commercial products such as <application>&gated;</application> + are also available for more complex network routing + solutions.</para> </sect2> <sect2 id="network-static-routes"> @@ -505,14 +527,15 @@ host2.example.com link#1 UC <para>In this scenario, <hostid>RouterA</hostid> is our &os; machine that is acting as a router to the rest of the - Internet. It has a default route set to <hostid - role="ipaddr">10.0.0.1</hostid> which allows it to connect - with the outside world. We will assume that + Internet. It has a default route set to + <hostid role="ipaddr">10.0.0.1</hostid> which allows it to + connect with the outside world. We will assume that <hostid>RouterB</hostid> is already configured properly and knows how to get wherever it needs to go. (This is simple in this picture. Just add a default route on - <hostid>RouterB</hostid> using <hostid - role="ipaddr">192.168.1.1</hostid> as the gateway.)</para> + <hostid>RouterB</hostid> using + <hostid role="ipaddr">192.168.1.1</hostid> as the + gateway.)</para> <para>If we look at the routing table for <hostid>RouterA</hostid> we would see something like the 
@@ -530,12 +553,13 @@ default 10.0.0.1 UG <para>With the current routing table <hostid>RouterA</hostid> will not be able to reach our Internal Net 2. It does not - have a route for <hostid - role="ipaddr">192.168.2.0/24</hostid>. One way to alleviate - this is to manually add the route. The following command - would add the Internal Net 2 network to - <hostid>RouterA</hostid>'s routing table using <hostid - role="ipaddr">192.168.1.2</hostid> as the next hop:</para> + have a route for + <hostid role="ipaddr">192.168.2.0/24</hostid>. One way to + alleviate this is to manually add the route. The following + command would add the Internal Net 2 network to + <hostid>RouterA</hostid>'s routing table using + <hostid role="ipaddr">192.168.1.2</hostid> as the next + hop:</para> <screen>&prompt.root; <userinput>route add -net 192.168.2.0/24 192.168.1.2</userinput></screen> 
@@ -571,17 +595,18 @@ route_internalnet2="-net 192.168.2.0/24 <screen>&prompt.root; <userinput>route add -net 192.168.2.0/24 192.168.1.2</userinput></screen> - <para>so we need <literal>"-net 192.168.2.0/24 192.168.1.2"</literal>.</para> + <para>so we need <literal>"-net 192.168.2.0/24 + 192.168.1.2"</literal>.</para> <para>As said above, we can have more than one string in - <literal>static_routes</literal>. This allows us to - create multiple static routes. The following lines shows - an example of adding static routes for the <hostid - role="ipaddr">192.168.0.0/24</hostid> and <hostid - role="ipaddr">192.168.1.0/24</hostid> networks on an imaginary - router:</para> + <literal>static_routes</literal>. This allows us to create + multiple static routes. The following lines shows an + example of adding static routes for the + <hostid role="ipaddr">192.168.0.0/24</hostid> and + <hostid role="ipaddr">192.168.1.0/24</hostid> networks on an + imaginary router:</para> - <programlisting>static_routes="net1 net2" + <programlisting>static_routes="net1 net2" route_net1="-net 192.168.0.0/24 192.168.0.1" route_net2="-net 192.168.1.0/24 192.168.1.1"</programlisting> </sect3> 
@@ -589,58 +614,67 @@ route_net2="-net 192.168.1.0/24 192.168. <sect2 id="network-routing-propagation"> <title>Routing Propagation</title> - <indexterm><primary>routing propagation</primary></indexterm> - <para>We have already talked about how we define our routes to the - outside world, but not about how the outside world finds us.</para> - <para>We already know that routing tables can be set up so that all - traffic for a particular address space (in our examples, a class-C - subnet) can be sent to a particular host on that network, which will - forward the packets inbound.</para> - - <para>When you get an address space assigned to your site, your service - provider will set up their routing tables so that all traffic for your - subnet will be sent down your PPP link to your site. But how do sites - across the country know to send to your ISP?</para> - - <para>There is a system (much like the distributed DNS information) that - keeps track of all assigned address-spaces, and defines their point of - connection to the Internet Backbone. The <quote>Backbone</quote> are - the main trunk lines that carry Internet traffic across the country, - and around the world. Each backbone machine has a copy of a master - set of tables, which direct traffic for a particular network to a - specific backbone carrier, and from there down the chain of service - providers until it reaches your network.</para> - - <para>It is the task of your service provider to advertise to the - backbone sites that they are the point of connection (and thus the - path inward) for your site. 
This is known as route + <indexterm><primary>routing propagation</primary></indexterm> + <para>We have already talked about how we define our routes to + the outside world, but not about how the outside world finds + us.</para> + + <para>We already know that routing tables can be set up so that + all traffic for a particular address space (in our examples, a + class-C subnet) can be sent to a particular host on that + network, which will forward the packets inbound.</para> + + <para>When you get an address space assigned to your site, your + service provider will set up their routing tables so that all + traffic for your subnet will be sent down your PPP link to + your site. But how do sites across the country know to send + to your ISP?</para> + + <para>There is a system (much like the distributed DNS + information) that keeps track of all assigned address-spaces, + and defines their point of connection to the Internet + Backbone. The <quote>Backbone</quote> are the main trunk + lines that carry Internet traffic across the country, and + around the world. Each backbone machine has a copy of a + master set of tables, which direct traffic for a particular + network to a specific backbone carrier, and from there down + the chain of service providers until it reaches your + network.</para> + + <para>It is the task of your service provider to advertise to + the backbone sites that they are the point of connection (and + thus the path inward) for your site. This is known as route propagation.</para> </sect2> <sect2 id="network-routing-troubleshooting"> <title>Troubleshooting</title> + <indexterm> - <primary><command>traceroute</command></primary> + <primary><command>traceroute</command></primary> </indexterm> - <para>Sometimes, there is a problem with routing propagation, and some - sites are unable to connect to you. Perhaps the most useful command - for trying to figure out where routing is breaking down is the - &man.traceroute.8; command. 
It is equally useful if you cannot seem - to make a connection to a remote machine (i.e., &man.ping.8; - fails).</para> - - <para>The &man.traceroute.8; command is run with the name of the remote - host you are trying to connect to. It will show the gateway hosts - along the path of the attempt, eventually either reaching the target - host, or terminating because of a lack of connection.</para> + + <para>Sometimes, there is a problem with routing propagation, + and some sites are unable to connect to you. Perhaps the most + useful command for trying to figure out where routing is + breaking down is the &man.traceroute.8; command. It is + equally useful if you cannot seem to make a connection to a + remote machine (i.e., &man.ping.8; fails).</para> + + <para>The &man.traceroute.8; command is run with the name of the + remote host you are trying to connect to. It will show the + gateway hosts along the path of the attempt, eventually either + reaching the target host, or terminating because of a lack of + connection.</para> <para>For more information, see the manual page for - &man.traceroute.8;.</para> + &man.traceroute.8;.</para> </sect2> <sect2 id="network-routing-multicast"> <title>Multicast Routing</title> + <indexterm> <primary>multicast routing</primary> </indexterm> 
@@ -657,19 +691,19 @@ route_net2="-net 192.168.1.0/24 192.168. <programlisting>options MROUTING</programlisting> <para>In addition, the multicast routing daemon, &man.mrouted.8; - must be configured to set up tunnels and <acronym>DVMRP</acronym> via + must be configured to set up tunnels and + <acronym>DVMRP</acronym> via <filename>/etc/mrouted.conf</filename>. More details on multicast configuration may be found in the manual page for &man.mrouted.8;.</para> <note> - <para>The &man.mrouted.8; multicast routing daemon - implements the - <acronym>DVMRP</acronym> multicast routing protocol, which has - largely been replaced by &man.pim.4; in many multicast - installations. &man.mrouted.8; and the related &man.map-mbone.8; and - &man.mrinfo.8; utilities - are available in the &os; Ports Collection as + <para>The &man.mrouted.8; multicast routing daemon implements + the <acronym>DVMRP</acronym> multicast routing protocol, + which has largely been replaced by &man.pim.4; in many + multicast installations. &man.mrouted.8; and the related + &man.map-mbone.8; and &man.mrinfo.8; utilities are available + in the &os; Ports Collection as <filename role="package">net/mrouted</filename>.</para> </note> </sect2> @@ -720,8 +754,8 @@ route_net2="-net 192.168.1.0/24 192.168. another wireless station messages must go through the AP. In the second form of network there is no master and stations communicate directly. This form of network is termed an IBSS - and is commonly known as an <emphasis>ad-hoc - network</emphasis>.</para> + and is commonly known as an + <emphasis>ad-hoc network</emphasis>.</para> <para>802.11 networks were first deployed in the 2.4GHz band using protocols defined by the &ieee; 802.11 and 802.11b 
@@ -811,10 +845,11 @@ route_net2="-net 192.168.1.0/24 192.168. support layer that handles chip-specific functions (&man.ath.hal.4;), and an algorithm for selecting which of several possible rates for transmitting frames - (ath_rate_sample here). When this support is loaded as kernel - modules, these dependencies are automatically handled for - you. If, instead of an Atheros device, you had another device - you would select the module for that device; e.g.:</para> + (ath_rate_sample here). When this support is loaded as + kernel modules, these dependencies are automatically handled + for you. If, instead of an Atheros device, you had another + device you would select the module for that device; + e.g.:</para> <programlisting>if_wi_load="YES"</programlisting> 
@@ -829,25 +864,23 @@ route_net2="-net 192.168.1.0/24 192.168. found in the &os; Hardware Notes. Copies of these notes for various releases and architectures are available on the <ulink - url="http://www.FreeBSD.org/releases/index.html">Release - Information</ulink> page of the &os; Web site. - If a native &os; driver - for your wireless device does not exist, it may be - possible to directly use the &windows; driver with the - help of the <link - linkend="config-network-ndis">NDIS</link> driver + url="http://www.FreeBSD.org/releases/index.html">Release + Information</ulink> page of the &os; Web site. If a + native &os; driver for your wireless device does not + exist, it may be possible to directly use the &windows; + driver with the help of the + <link linkend="config-network-ndis">NDIS</link> driver wrapper.</para> </note> - <para>Under &os; 7.X, with a device driver you need to also bring - in the 802.11 networking support required by the driver. - For the &man.ath.4; driver these are at least the &man.wlan.4;, - <literal>wlan_scan_ap</literal> and - <literal>wlan_scan_sta</literal> - modules; the &man.wlan.4; module is automatically loaded with the - wireless device driver, the remaining modules must be loaded - at boot time via the <filename>/boot/loader.conf</filename> - file:</para> + <para>Under &os; 7.X, with a device driver you need to + also bring in the 802.11 networking support required by the + driver. For the &man.ath.4; driver these are at least the + &man.wlan.4;, <literal>wlan_scan_ap</literal> and + <literal>wlan_scan_sta</literal> modules; the &man.wlan.4; + module is automatically loaded with the wireless device + driver, the remaining modules must be loaded at boot time + via the <filename>/boot/loader.conf</filename> file:</para> <programlisting>wlan_scan_ap_load="YES" wlan_scan_sta_load="YES"</programlisting> 
@@ -856,17 +889,16 @@ wlan_scan_sta_load="YES"</programlisting base &man.wlan.4; driver which is dynamically loaded with the adapter driver.</para> - <para>With that, you will need the modules - that implement cryptographic support for the security - protocols you intend to use. These are intended to be - dynamically loaded on demand by the &man.wlan.4; module but - for now they must be manually configured. The following - modules are available: &man.wlan.wep.4;, &man.wlan.ccmp.4; - and &man.wlan.tkip.4;. Both &man.wlan.ccmp.4; and - &man.wlan.tkip.4; drivers are only needed if you intend to - use the WPA and/or 802.11i security protocols. If your - network does not use encryption, - you will not need &man.wlan.wep.4; support. To + <para>With that, you will need the modules that implement + cryptographic support for the security protocols you intend + to use. These are intended to be dynamically loaded on + demand by the &man.wlan.4; module but for now they must be + manually configured. The following modules are available: + &man.wlan.wep.4;, &man.wlan.ccmp.4; and &man.wlan.tkip.4;. + Both &man.wlan.ccmp.4; and &man.wlan.tkip.4; drivers are + only needed if you intend to use the WPA and/or 802.11i + security protocols. If your network does not use + encryption, you will not need &man.wlan.wep.4; support. To load these modules at boot time, add the following lines to <filename>/boot/loader.conf</filename>:</para> 
@@ -1049,9 +1081,9 @@ freebsdap 00:11:95:c3:0d:ac 1 <para>This section provides a simple example of how to make the wireless network adapter work in &os; without encryption. After you are familiar with these concepts, - we strongly recommend using <link - linkend="network-wireless-wpa">WPA</link> to set up your - wireless network.</para> + we strongly recommend using + <link linkend="network-wireless-wpa">WPA</link> to set up + your wireless network.</para> <para>There are three basic steps to configure a wireless network: selecting an access point, authenticating your @@ -1133,7 +1165,7 @@ ifconfig_wlan0="mode <replaceable>11g</r will use open authentication which is the default setting. Next most common setup is WPA-PSK, also known as WPA Personal, which is described <link - linkend="network-wireless-wpa-wpa-psk">below</link>.</para> + linkend="network-wireless-wpa-wpa-psk">below</link>.</para> <note> <para>If you have an &apple; &airport; Extreme base @@ -1154,8 +1186,8 @@ ifconfig_wlan0="authmode shared wepmode crack the key. If WEP must be used (e.g., for compatibility with legacy devices) it is better to use WEP with <literal>open</literal> authentication. More - information regarding WEP can be found in the <xref - linkend="network-wireless-wep">.</para> + information regarding WEP can be found in the + <xref linkend="network-wireless-wep">.</para> </note> </sect5> @@ -1198,8 +1230,8 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN <literal>dlinkap</literal> network in our case). The <literal>bssid 00:13:46:49:41:76</literal> part is the MAC address of your access point; the - <literal>authmode OPEN</literal> part informs you that the - communication is not encrypted.</para> + <literal>authmode OPEN</literal> part informs you that + the communication is not encrypted.</para> </sect5> <sect5> 
@@ -1222,16 +1254,16 @@ ifconfig_wlan0="inet <replaceable>192.16 <para>WPA (Wi-Fi Protected Access) is a security protocol used together with 802.11 networks to address the lack of - proper authentication and the weakness of <link - linkend="network-wireless-wep">WEP</link>. WPA leverages - the 802.1X authentication protocol and uses one of several - ciphers instead of WEP for data integrity. The only - cipher required by WPA is TKIP (Temporary Key Integrity - Protocol). TKIP is a cipher that extends the basic RC4 - cipher used by WEP by adding integrity checking, tamper - detection, and measures for responding to any detected - intrusions. TKIP is designed to work on legacy hardware - with only software modification; it represents a + proper authentication and the weakness of + <link linkend="network-wireless-wep">WEP</link>. WPA + leverages the 802.1X authentication protocol and uses one + of several ciphers instead of WEP for data integrity. The + only cipher required by WPA is TKIP (Temporary Key + Integrity Protocol). TKIP is a cipher that extends the + basic RC4 cipher used by WEP by adding integrity checking, + tamper detection, and measures for responding to any + detected intrusions. TKIP is designed to work on legacy + hardware with only software modification; it represents a compromise that improves security but is still not entirely immune to attack. WPA also specifies the AES-CCMP cipher as an alternative to TKIP and that is @@ -1345,7 +1377,7 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN <note> <para>If <filename>/etc/rc.conf</filename> has an - <literal>ifconfig_wlan0</literal> entry with the + <literal>ifconfig_wlan0</literal> entry with the <literal>DHCP</literal> string (like <literal>ifconfig_wlan0="DHCP"</literal>), <command>dhclient</command> will be launched 
@@ -1431,8 +1463,8 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN </callout> <callout arearefs="co-tls-proto"> - <para>Here, we use RSN (&ieee; 802.11i) protocol, i.e., - WPA2.</para> + <para>Here, we use RSN (&ieee; 802.11i) protocol, + i.e., WPA2.</para> </callout> <callout arearefs="co-tls-kmgmt"> @@ -1600,16 +1632,16 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN <title>WPA with EAP-PEAP</title> <note> - <para>PEAPv0/EAP-MSCHAPv2 is the most common PEAP method. - In the rest of this document, we will use the PEAP term - to refer to that method.</para> + <para>PEAPv0/EAP-MSCHAPv2 is the most common PEAP + method. In the rest of this document, we will use the + PEAP term to refer to that method.</para> </note> - + <para>PEAP (Protected EAP) has been designed as an alternative to EAP-TTLS, and is the most used EAP standard after EAP-TLS. In other words, if you have a - network with mixed OSes, PEAP should be the - most supported standard after EAP-TLS.</para> + network with mixed OSes, PEAP should be the most + supported standard after EAP-TLS.</para> <para>PEAP is similar to EAP-TTLS: it uses a server-side certificate to authenticate clients by creating an 
@@ -1663,13 +1695,13 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN <callout arearefs="co-peap-pha1"> <para>This field contains the parameters for the - first phase of authentication (the TLS - tunnel). According to the authentication server - used, you will have to specify a specific label - for authentication. Most of the time, the label - will be <quote>client EAP encryption</quote> which - is set by using <literal>peaplabel=0</literal>. - More information can be found in the + first phase of authentication (the TLS tunnel). + According to the authentication server used, you + will have to specify a specific label for + authentication. Most of the time, the label will be + <quote>client EAP encryption</quote> which is set by + using <literal>peaplabel=0</literal>. More + information can be found in the &man.wpa.supplicant.conf.5; manual page.</para> </callout> @@ -1726,11 +1758,12 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN <itemizedlist> <listitem> + <para>The <literal>weptxkey</literal> means which WEP - key will be used in the transmission. Here we used the - third key. This must match the setting in the access - point. If you do not have any idea of which key is - used by the access point, try + key will be used in the transmission. Here we used + the third key. This must match the setting in the + access point. If you do not have any idea of which + key is used by the access point, try <literal>1</literal> (i.e., the first key) for this value.</para> </listitem> @@ -1744,8 +1777,8 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN than the first key.</para> <note> - <para>You must replace - the <literal>0x3456789012</literal> with the key + <para>You must replace the + <literal>0x3456789012</literal> with the key configured for use on the access point.</para> </note> </listitem> 
@@ -1782,8 +1815,8 @@ Associated with 00:13:46:49:41:76</scree <para>IBSS mode, also called ad-hoc mode, is designed for point to point connections. For example, to establish an ad-hoc network between the machine <hostid>A</hostid> and the machine - <hostid>B</hostid>, we will just need to choose two IP addresses - and a SSID.</para> + <hostid>B</hostid>, we will just need to choose two IP + addresses and a SSID.</para> <para>On the box <hostid>A</hostid>:</para> @@ -1826,16 +1859,16 @@ Associated with 00:13:46:49:41:76</scree country US ecm authmode OPEN privacy OFF txpower 21.5 scanvalid 60 protmode CTS wme burst</screen> - <para>Both <hostid>A</hostid> and <hostid>B</hostid> are now - ready to exchange information.</para> + <para>Both <hostid>A</hostid> and <hostid>B</hostid> are now + ready to exchange information.</para> </sect2> <sect2 id="network-wireless-ap"> <title>&os; Host Access Points</title> <para>&os; can act as an Access Point (AP) which eliminates the - need to buy a hardware AP or run an ad-hoc network. This can be - particularly useful when your &os; machine is acting as a + need to buy a hardware AP or run an ad-hoc network. This can + be particularly useful when your &os; machine is acting as a gateway to another network (e.g., the Internet).</para> <sect3 id="network-wireless-ap-basic"> 
@@ -1845,13 +1878,13 @@ Associated with 00:13:46:49:41:76</scree kernel must be configured with the appropriate wireless networking support for your wireless card. You also have to add support for the security protocols you intend to - use. For more details, see <xref - linkend="network-wireless-basic">.</para> + use. For more details, see + <xref linkend="network-wireless-basic">.</para> <note> <para>The use of the NDIS driver wrapper and the &windows; - drivers do not currently allow AP operation. Only - native &os; wireless drivers support AP mode.</para> + drivers do not currently allow AP operation. Only native + &os; wireless drivers support AP mode.</para> </note> <para>Once wireless networking support is loaded, you can @@ -1964,8 +1997,8 @@ freebsdap 00:11:95:c3:0d:ac 1 <para>Before trying to configure <application>hostapd</application>, be sure you have done - the basic settings introduced in the <xref - linkend="network-wireless-ap-basic">.</para> + the basic settings introduced in the + <xref linkend="network-wireless-ap-basic">.</para> <sect4> <title>WPA-PSK</title> @@ -2023,8 +2056,8 @@ wpa_pairwise=CCMP TKIP <co id="co-ap-wpa <callout arearefs="co-ap-wpapsk-wpa"> <para>The <literal>wpa</literal> field enables WPA and specifies which WPA authentication protocol will be - required. A value of <literal>1</literal> configures the - AP for WPA-PSK.</para> + required. A value of <literal>1</literal> configures + the AP for WPA-PSK.</para> </callout> <callout arearefs="co-ap-wpapsk-pass"> 
@@ -2061,7 +2094,7 @@ wpa_pairwise=CCMP TKIP <co id="co-ap-wpa <screen>&prompt.root <userinput>/etc/rc.d/hostapd forcestart</userinput></screen> - <screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable></userinput> + <screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable></userinput> wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2290 inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4 @@ -2071,12 +2104,13 @@ wpa_pairwise=CCMP TKIP <co id="co-ap-wpa ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac authmode WPA2/802.11i privacy MIXED deftxkey 2 TKIP 2:128-bit txpowmax 36 protmode CTS dtimperiod 1 bintval 100</screen> - <para>The Access Point is running, the clients can now be - associated with it, see <xref - linkend="network-wireless-wpa"> for more details. It is - possible to see the stations associated with the AP using - the <command>ifconfig <replaceable>wlan0</replaceable> list - sta</command> command.</para> + <para>The Access Point is running, the clients can now be + associated with it, see + <xref linkend="network-wireless-wpa"> for more details. + It is possible to see the stations associated with the AP + using the <command>ifconfig + <replaceable>wlan0</replaceable> list sta</command> + command.</para> </sect4> </sect3> @@ -2129,8 +2163,8 @@ wpa_pairwise=CCMP TKIP <co id="co-ap-wpa country US ecm authmode OPEN privacy ON deftxkey 3 wepkey 3:40-bit txpower 21.5 scanvalid 60 protmode CTS wme burst dtimperiod 1 -dfs</screen> - <para>From another wireless machine, it is possible to initiate - a scan to find the AP:</para> + <para>From another wireless machine, it is possible to + initiate a scan to find the AP:</para> <screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> create wlandev <replaceable>ath0</replaceable></userinput> &prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> up scan</userinput> 
@@ -2147,20 +2181,23 @@ freebsdap 00:11:95:c3:0d:ac 1 <sect2> <title>Using Both Wired and Wireless Connection</title> - <para>Wired connection provides better performance and reliability, - while wireless connection provides flexibility and mobility, - users of laptop computers usually want to combine these together - and roam seamlessly between the two.</para> - - <para>On &os;, it is possible to combine two or even more network - interfaces together in a <quote>failover</quote> fashion, that - is, to use the most preferred and available connection from a - group of network interfaces, and have the operating system - switch automatically when the link state changes.</para> - - <para>We will cover link aggregation and failover in <xref linkend="network-aggregation"> - where an example for using both wired and wireless connection *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
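Review bot: in the hunk at -1133,7 +1165,7 only the indentation of the `linkend="network-wireless-wpa-wpa-psk"` line changes, so `<link` is still left dangling at the end of the previous line, whereas the hunks at -1049 and -1222 in this same patch move `<link` down onto the line with its `linkend` attribute. For consistency with those, reflow this one the same way, ending the first line at `described` and starting the next with `<link linkend="network-wireless-wpa-wpa-psk">below</link>.</para>`.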
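Review bot: the hunk at -1726,11 +1758,12 adds a blank `+` line between `<listitem>` and `<para>The <literal>weptxkey</literal> means which WEP`, which is what makes the new side one line longer than the old. Every other `<listitem>` in this patch has its `<para>` directly on the following line, so the blank line looks like a stray one and should be dropped to keep the list markup consistent with the rest of the chapter.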
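Review bot: the unchanged context line `<screen>&prompt.root <userinput>/etc/rc.d/hostapd forcestart</userinput></screen>` just above the re-indented `ifconfig` screen in the hunk at -2061,7 +2094,7 is missing the `;` that terminates the `&prompt.root` entity reference, while the rewritten line directly below it, and every other prompt in this patch, has `&prompt.root;`. It sits outside a whitespace-only change, but since the hunk already touches the adjacent line it is worth adding the `;` here or in a follow-up commit so the entity references are uniform.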