From: Warren Block
Date: Tue, 29 May 2012 05:31:22 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r38927 - head/en_US.ISO8859-1/books/handbook/advanced-networking

Author: wblock
Date: Tue May 29 05:31:22 2012
New Revision: 38927
URL: http://svn.freebsd.org/changeset/doc/38927

Log:
  Whitespace-only fixes for indentation and long lines. Translators, please ignore.

Modified:
  head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml

Modified: head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml Mon May 28 18:06:06 2012 (r38926) +++ head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml Tue May 29 05:31:22 2012 (r38927) @@ -21,7 +21,8 @@ - How to set up &ieee; 802.11 and &bluetooth; devices. + How to set up &ieee; 802.11 and &bluetooth; + devices. @@ -29,11 +30,13 @@ - How to set up network booting on a diskless machine. + How to set up network booting on a diskless + machine. - How to set up network PXE booting with an NFS root file system. + How to set up network PXE booting with an NFS root file + system. @@ -62,7 +65,8 @@ - Understand the basics of the /etc/rc scripts. + Understand the basics of the + /etc/rc scripts. 
@@ -70,13 +74,13 @@ - Know how to configure and install a new FreeBSD kernel - (). + Know how to configure and install a new FreeBSD kernel + (). - Know how to install additional third-party - software (). + Know how to install additional third-party + software (). @@ -85,18 +89,20 @@ - - Coranth - Gryphon + + Coranth + Gryphon Contributed by - + + Gateways and Routes routing gateway subnet + For one machine to be able to find another over a network, there must be a mechanism in place to describe how to get from one to the other. This is called @@ -111,14 +117,13 @@ bit more about default routes later on. There are also three types of gateways: individual hosts, interfaces (also called links), and Ethernet hardware addresses (MAC - addresses). - + addresses). An Example - To illustrate different aspects of routing, we will use the - following example from netstat: + To illustrate different aspects of routing, we will use + the following example from netstat: &prompt.user; netstat -r Routing tables @@ -137,8 +142,9 @@ host2.example.com link#1 UC default route The first two lines specify the default route (which we - will cover in the next - section) and the localhost route. + will cover in the + next section) + and the localhost route. loopback device The interface (Netif column) that this @@ -150,8 +156,8 @@ host2.example.com link#1 UC started. - Ethernet - MAC address + Ethernet + MAC address The next thing that stands out are the addresses beginning with 0:e0:. These are Ethernet 
@@ -169,24 +175,28 @@ host2.example.com link#1 UC based upon a shortest path determination. subnet - FreeBSD will also add subnet routes for the local subnet (10.20.30.255 is the broadcast address for the - subnet 10.20.30, and example.com is the domain name associated - with that subnet). The designation link#1 refers - to the first Ethernet card in the machine. You will notice no - additional interface is specified for those. - - Both of these groups (local network hosts and local subnets) have - their routes automatically configured by a daemon called - routed. If this is not run, then only - routes which are statically defined (i.e., entered explicitly) will - exist. - - The host1 line refers to our host, which it - knows by Ethernet address. Since we are the sending host, FreeBSD - knows to use the loopback interface (lo0) - rather than sending it out over the Ethernet interface. + + FreeBSD will also add subnet routes for the local subnet + (10.20.30.255 is the broadcast + address for the subnet + 10.20.30, and + example.com is the domain + name associated with that subnet). The designation + link#1 refers to the first Ethernet card in + the machine. You will notice no additional interface is + specified for those. + + Both of these groups (local network hosts and local + subnets) have their routes automatically configured by a + daemon called routed. If this is + not run, then only routes which are statically defined (i.e., + entered explicitly) will exist. + + The host1 line refers to our host, + which it knows by Ethernet address. Since we are the sending + host, FreeBSD knows to use the loopback interface + (lo0) rather than sending it out over + the Ethernet interface. The two host2 lines are an example of what happens when we use an &man.ifconfig.8; alias (see the 
@@ -199,8 +209,9 @@ host2.example.com link#1 UC hosts on the local network will simply have a link#1 line for such routes. - The final line (destination subnet 224) deals - with multicasting, which will be covered in another section. + The final line (destination subnet + 224) deals with multicasting, + which will be covered in another section. Finally, various attributes of each route can be seen in the Flags column. Below is a short table @@ -219,14 +230,15 @@ host2.example.com link#1 UC H - Host: The route destination is a single host. + Host: The route destination is a single + host. G - Gateway: Send anything for this destination on to this - remote system, which will figure out from there where to send - it. + Gateway: Send anything for this destination on to + this remote system, which will figure out from there + where to send it. @@ -237,15 +249,16 @@ host2.example.com link#1 UC C - Clone: Generates a new route based upon this route for - machines we connect to. This type of route is normally used - for local networks. + Clone: Generates a new route based upon this + route for machines we connect to. This type of route + is normally used for local networks. W - WasCloned: Indicated a route that was auto-configured - based upon a local area network (Clone) route. + WasCloned: Indicated a route that was + auto-configured based upon a local area network + (Clone) route. 
@@ -262,27 +275,29 @@ host2.example.com link#1 UC Default Routes default route - When the local system needs to make a connection to a remote host, - it checks the routing table to determine if a known path exists. If - the remote host falls into a subnet that we know how to reach (Cloned - routes), then the system checks to see if it can connect along that - interface. - If all known paths fail, the system has one last option: the - default route. This route is a special type of gateway - route (usually the only one present in the system), and is always - marked with a c in the flags field. For hosts on a - local area network, this gateway is set to whatever machine has a - direct connection to the outside world (whether via PPP link, - DSL, cable modem, T1, or another network interface). - - If you are configuring the default route for a machine which - itself is functioning as the gateway to the outside world, then the - default route will be the gateway machine at your Internet Service - Provider's (ISP) site. + When the local system needs to make a connection to a + remote host, it checks the routing table to determine if a + known path exists. If the remote host falls into a subnet + that we know how to reach (Cloned routes), then the system + checks to see if it can connect along that interface. + + If all known paths fail, the system has one last option: + the default route. This route is a special + type of gateway route (usually the only one present in the + system), and is always marked with a c in + the flags field. For hosts on a local area network, this + gateway is set to whatever machine has a direct connection to + the outside world (whether via PPP link, DSL, cable modem, T1, + or another network interface). + + If you are configuring the default route for a machine + which itself is functioning as the gateway to the outside + world, then the default route will be the gateway machine at + your Internet Service Provider's (ISP) site. 
- Let us look at an example of default routes. This is a common - configuration: + Let us look at an example of default routes. This is a + common configuration: @@ -303,7 +318,8 @@ host2.example.com link#1 UC a local area network to another gateway computer through an external interface to the ISPs Internet feed. - The default routes for each of your machines will be: + The default routes for each of your machines will + be: @@ -332,22 +348,24 @@ host2.example.com link#1 UC A common question is Why (or how) would we set - the T1-GW to be the default gateway for - Local1, rather than the ISP server it is - connected to?. - - Remember, since the PPP interface is using an address on the ISP's - local network for your side of the connection, routes for any other - machines on the ISP's local network will be automatically generated. - Hence, you will already know how to reach the T1-GW - machine, so there is no need for the intermediate step - of sending traffic to the ISP server. - - It is common to use the address X.X.X.1 as the gateway address for your local - network. So (using the same example), if your local class-C address - space was 10.20.30 and your ISP was - using 10.9.9 then the default routes + the T1-GW to be the default gateway for + Local1, rather than the ISP server it is + connected to?. + + Remember, since the PPP interface is using an address on + the ISP's local network for your side of the connection, + routes for any other machines on the ISP's local network will + be automatically generated. Hence, you will already know how + to reach the T1-GW machine, so there is no + need for the intermediate step of sending traffic to the ISP + server. + + It is common to use the address + X.X.X.1 as the gateway address + for your local network. So (using the same example), if your + local class-C address space was + 10.20.30 and your ISP was using + 10.9.9 then the default routes would be: 
@@ -363,6 +381,7 @@ host2.example.com link#1 UC Local2 (10.20.30.2) Local1 (10.20.30.1) + Local1 (10.20.30.1, 10.9.9.30) T1-GW (10.9.9.1) @@ -372,9 +391,9 @@ host2.example.com link#1 UC You can easily define the default route via the - /etc/rc.conf file. In our example, on the - Local2 machine, we added the following line - in /etc/rc.conf: + /etc/rc.conf file. In our example, on + the Local2 machine, we added the following + line in /etc/rc.conf: defaultrouter="10.20.30.1" @@ -391,12 +410,13 @@ host2.example.com link#1 UC Dual Homed Hosts dual homed hosts - There is one other type of configuration that we should cover, and - that is a host that sits on two different networks. Technically, any - machine functioning as a gateway (in the example above, using a PPP - connection) counts as a dual-homed host. But the term is really only - used to refer to a machine that sits on two local-area - networks. + + There is one other type of configuration that we should + cover, and that is a host that sits on two different networks. + Technically, any machine functioning as a gateway (in the + example above, using a PPP connection) counts as a dual-homed + host. But the term is really only used to refer to a machine + that sits on two local-area networks. In one case, the machine has two Ethernet cards, each having an address on the separate subnets. Alternately, the 
@@ -406,16 +426,16 @@ host2.example.com link#1 UC if there is one physical network segment, but two logically separate subnets. - Either way, routing tables are set up so that each subnet knows - that this machine is the defined gateway (inbound route) to the other - subnet. This configuration, with the machine acting as a router - between the two subnets, is often used when we need to implement - packet filtering or firewall security in either or both - directions. + Either way, routing tables are set up so that each subnet + knows that this machine is the defined gateway (inbound route) + to the other subnet. This configuration, with the machine + acting as a router between the two subnets, is often used when + we need to implement packet filtering or firewall security in + either or both directions. If you want this machine to actually forward packets - between the two interfaces, you need to tell FreeBSD to enable - this ability. See the next section for more details on how + between the two interfaces, you need to tell FreeBSD to enable + this ability. See the next section for more details on how to do this. @@ -436,7 +456,8 @@ host2.example.com link#1 UC This option will set the &man.sysctl.8; variable net.inet.ip.forwarding to 1. If you should need to stop routing - temporarily, you can reset this to 0 temporarily. + temporarily, you can reset this to 0 + temporarily. BGP RIP @@ -448,8 +469,9 @@ host2.example.com link#1 UC version 2) and IRDP. Support for BGP v4, OSPF v2, and other sophisticated routing protocols is available with the net/zebra package. - Commercial products such as &gated; are also available for more - complex network routing solutions. + Commercial products such as &gated; + are also available for more complex network routing + solutions. 
@@ -505,14 +527,15 @@ host2.example.com link#1 UC In this scenario, RouterA is our &os; machine that is acting as a router to the rest of the - Internet. It has a default route set to 10.0.0.1 which allows it to connect - with the outside world. We will assume that + Internet. It has a default route set to + 10.0.0.1 which allows it to + connect with the outside world. We will assume that RouterB is already configured properly and knows how to get wherever it needs to go. (This is simple in this picture. Just add a default route on - RouterB using 192.168.1.1 as the gateway.) + RouterB using + 192.168.1.1 as the + gateway.) If we look at the routing table for RouterA we would see something like the @@ -530,12 +553,13 @@ default 10.0.0.1 UG With the current routing table RouterA will not be able to reach our Internal Net 2. It does not - have a route for 192.168.2.0/24. One way to alleviate - this is to manually add the route. The following command - would add the Internal Net 2 network to - RouterA's routing table using 192.168.1.2 as the next hop: + have a route for + 192.168.2.0/24. One way to + alleviate this is to manually add the route. The following + command would add the Internal Net 2 network to + RouterA's routing table using + 192.168.1.2 as the next + hop: &prompt.root; route add -net 192.168.2.0/24 192.168.1.2 
@@ -571,17 +595,18 @@ route_internalnet2="-net 192.168.2.0/24 &prompt.root; route add -net 192.168.2.0/24 192.168.1.2 - so we need "-net 192.168.2.0/24 192.168.1.2". + so we need "-net 192.168.2.0/24 + 192.168.1.2". As said above, we can have more than one string in - static_routes. This allows us to - create multiple static routes. The following lines shows - an example of adding static routes for the 192.168.0.0/24 and 192.168.1.0/24 networks on an imaginary - router: + static_routes. This allows us to create + multiple static routes. The following lines shows an + example of adding static routes for the + 192.168.0.0/24 and + 192.168.1.0/24 networks on an + imaginary router: - static_routes="net1 net2" + static_routes="net1 net2" route_net1="-net 192.168.0.0/24 192.168.0.1" route_net2="-net 192.168.1.0/24 192.168.1.1" 
@@ -589,58 +614,67 @@ route_net2="-net 192.168.1.0/24 192.168. Routing Propagation - routing propagation - We have already talked about how we define our routes to the - outside world, but not about how the outside world finds us. - We already know that routing tables can be set up so that all - traffic for a particular address space (in our examples, a class-C - subnet) can be sent to a particular host on that network, which will - forward the packets inbound. - - When you get an address space assigned to your site, your service - provider will set up their routing tables so that all traffic for your - subnet will be sent down your PPP link to your site. But how do sites - across the country know to send to your ISP? - - There is a system (much like the distributed DNS information) that - keeps track of all assigned address-spaces, and defines their point of - connection to the Internet Backbone. The Backbone are - the main trunk lines that carry Internet traffic across the country, - and around the world. Each backbone machine has a copy of a master - set of tables, which direct traffic for a particular network to a - specific backbone carrier, and from there down the chain of service - providers until it reaches your network. - - It is the task of your service provider to advertise to the - backbone sites that they are the point of connection (and thus the - path inward) for your site. This is known as route + routing propagation + We have already talked about how we define our routes to + the outside world, but not about how the outside world finds + us. + + We already know that routing tables can be set up so that + all traffic for a particular address space (in our examples, a + class-C subnet) can be sent to a particular host on that + network, which will forward the packets inbound. 
+ + When you get an address space assigned to your site, your + service provider will set up their routing tables so that all + traffic for your subnet will be sent down your PPP link to + your site. But how do sites across the country know to send + to your ISP? + + There is a system (much like the distributed DNS + information) that keeps track of all assigned address-spaces, + and defines their point of connection to the Internet + Backbone. The Backbone are the main trunk + lines that carry Internet traffic across the country, and + around the world. Each backbone machine has a copy of a + master set of tables, which direct traffic for a particular + network to a specific backbone carrier, and from there down + the chain of service providers until it reaches your + network. + + It is the task of your service provider to advertise to + the backbone sites that they are the point of connection (and + thus the path inward) for your site. This is known as route propagation. Troubleshooting + - traceroute + traceroute - Sometimes, there is a problem with routing propagation, and some - sites are unable to connect to you. Perhaps the most useful command - for trying to figure out where routing is breaking down is the - &man.traceroute.8; command. It is equally useful if you cannot seem - to make a connection to a remote machine (i.e., &man.ping.8; - fails). - - The &man.traceroute.8; command is run with the name of the remote - host you are trying to connect to. It will show the gateway hosts - along the path of the attempt, eventually either reaching the target - host, or terminating because of a lack of connection. + + Sometimes, there is a problem with routing propagation, + and some sites are unable to connect to you. Perhaps the most + useful command for trying to figure out where routing is + breaking down is the &man.traceroute.8; command. It is + equally useful if you cannot seem to make a connection to a + remote machine (i.e., &man.ping.8; fails). 
+ + The &man.traceroute.8; command is run with the name of the + remote host you are trying to connect to. It will show the + gateway hosts along the path of the attempt, eventually either + reaching the target host, or terminating because of a lack of + connection. For more information, see the manual page for - &man.traceroute.8;. + &man.traceroute.8;. Multicast Routing + multicast routing @@ -657,19 +691,19 @@ route_net2="-net 192.168.1.0/24 192.168. options MROUTING In addition, the multicast routing daemon, &man.mrouted.8; - must be configured to set up tunnels and DVMRP via + must be configured to set up tunnels and + DVMRP via /etc/mrouted.conf. More details on multicast configuration may be found in the manual page for &man.mrouted.8;. - The &man.mrouted.8; multicast routing daemon - implements the - DVMRP multicast routing protocol, which has - largely been replaced by &man.pim.4; in many multicast - installations. &man.mrouted.8; and the related &man.map-mbone.8; and - &man.mrinfo.8; utilities - are available in the &os; Ports Collection as + The &man.mrouted.8; multicast routing daemon implements + the DVMRP multicast routing protocol, + which has largely been replaced by &man.pim.4; in many + multicast installations. &man.mrouted.8; and the related + &man.map-mbone.8; and &man.mrinfo.8; utilities are available + in the &os; Ports Collection as net/mrouted. @@ -720,8 +754,8 @@ route_net2="-net 192.168.1.0/24 192.168. another wireless station messages must go through the AP. In the second form of network there is no master and stations communicate directly. This form of network is termed an IBSS - and is commonly known as an ad-hoc - network. + and is commonly known as an + ad-hoc network. 802.11 networks were first deployed in the 2.4GHz band using protocols defined by the &ieee; 802.11 and 802.11b 
@@ -811,10 +845,11 @@ route_net2="-net 192.168.1.0/24 192.168. support layer that handles chip-specific functions (&man.ath.hal.4;), and an algorithm for selecting which of several possible rates for transmitting frames - (ath_rate_sample here). When this support is loaded as kernel - modules, these dependencies are automatically handled for - you. If, instead of an Atheros device, you had another device - you would select the module for that device; e.g.: + (ath_rate_sample here). When this support is loaded as + kernel modules, these dependencies are automatically handled + for you. If, instead of an Atheros device, you had another + device you would select the module for that device; + e.g.: if_wi_load="YES" 
@@ -829,25 +864,23 @@ route_net2="-net 192.168.1.0/24 192.168. found in the &os; Hardware Notes. Copies of these notes for various releases and architectures are available on the Release - Information page of the &os; Web site. - If a native &os; driver - for your wireless device does not exist, it may be - possible to directly use the &windows; driver with the - help of the NDIS driver + url="http://www.FreeBSD.org/releases/index.html">Release + Information page of the &os; Web site. If a + native &os; driver for your wireless device does not + exist, it may be possible to directly use the &windows; + driver with the help of the + NDIS driver wrapper. - Under &os; 7.X, with a device driver you need to also bring - in the 802.11 networking support required by the driver. - For the &man.ath.4; driver these are at least the &man.wlan.4;, - wlan_scan_ap and - wlan_scan_sta - modules; the &man.wlan.4; module is automatically loaded with the - wireless device driver, the remaining modules must be loaded - at boot time via the /boot/loader.conf - file: + Under &os; 7.X, with a device driver you need to + also bring in the 802.11 networking support required by the + driver. For the &man.ath.4; driver these are at least the + &man.wlan.4;, wlan_scan_ap and + wlan_scan_sta modules; the &man.wlan.4; + module is automatically loaded with the wireless device + driver, the remaining modules must be loaded at boot time + via the /boot/loader.conf file: wlan_scan_ap_load="YES" wlan_scan_sta_load="YES" 
@@ -856,17 +889,16 @@ wlan_scan_sta_load="YES" - With that, you will need the modules - that implement cryptographic support for the security - protocols you intend to use. These are intended to be - dynamically loaded on demand by the &man.wlan.4; module but - for now they must be manually configured. The following - modules are available: &man.wlan.wep.4;, &man.wlan.ccmp.4; - and &man.wlan.tkip.4;. Both &man.wlan.ccmp.4; and - &man.wlan.tkip.4; drivers are only needed if you intend to - use the WPA and/or 802.11i security protocols. If your - network does not use encryption, - you will not need &man.wlan.wep.4; support. To + With that, you will need the modules that implement + cryptographic support for the security protocols you intend + to use. These are intended to be dynamically loaded on + demand by the &man.wlan.4; module but for now they must be + manually configured. The following modules are available: + &man.wlan.wep.4;, &man.wlan.ccmp.4; and &man.wlan.tkip.4;. + Both &man.wlan.ccmp.4; and &man.wlan.tkip.4; drivers are + only needed if you intend to use the WPA and/or 802.11i + security protocols. If your network does not use + encryption, you will not need &man.wlan.wep.4; support. To load these modules at boot time, add the following lines to /boot/loader.conf: @@ -1049,9 +1081,9 @@ freebsdap 00:11:95:c3:0d:ac 1 This section provides a simple example of how to make the wireless network adapter work in &os; without encryption. After you are familiar with these concepts, - we strongly recommend using WPA to set up your - wireless network. + we strongly recommend using + WPA to set up + your wireless network. There are three basic steps to configure a wireless network: selecting an access point, authenticating your @@ -1133,7 +1165,7 @@ ifconfig_wlan0="mode 11gbelow. + linkend="network-wireless-wpa-wpa-psk">below. If you have an &apple; &airport; Extreme base 
@@ -1154,8 +1186,8 @@ ifconfig_wlan0="authmode shared wepmode crack the key. If WEP must be used (e.g., for compatibility with legacy devices) it is better to use WEP with open authentication. More - information regarding WEP can be found in the . + information regarding WEP can be found in the + . @@ -1198,8 +1230,8 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN dlinkap network in our case). The bssid 00:13:46:49:41:76 part is the MAC address of your access point; the - authmode OPEN part informs you that the - communication is not encrypted. + authmode OPEN part informs you that + the communication is not encrypted. @@ -1222,16 +1254,16 @@ ifconfig_wlan0="inet 192.16 WPA (Wi-Fi Protected Access) is a security protocol used together with 802.11 networks to address the lack of - proper authentication and the weakness of WEP. WPA leverages - the 802.1X authentication protocol and uses one of several - ciphers instead of WEP for data integrity. The only - cipher required by WPA is TKIP (Temporary Key Integrity - Protocol). TKIP is a cipher that extends the basic RC4 - cipher used by WEP by adding integrity checking, tamper - detection, and measures for responding to any detected - intrusions. TKIP is designed to work on legacy hardware - with only software modification; it represents a + proper authentication and the weakness of + WEP. WPA + leverages the 802.1X authentication protocol and uses one + of several ciphers instead of WEP for data integrity. The + only cipher required by WPA is TKIP (Temporary Key + Integrity Protocol). TKIP is a cipher that extends the + basic RC4 cipher used by WEP by adding integrity checking, + tamper detection, and measures for responding to any + detected intrusions. TKIP is designed to work on legacy + hardware with only software modification; it represents a compromise that improves security but is still not entirely immune to attack. WPA also specifies the AES-CCMP cipher as an alternative to TKIP and that is 
@@ -1345,7 +1377,7 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN If /etc/rc.conf has an - ifconfig_wlan0 entry with the + ifconfig_wlan0 entry with the DHCP string (like ifconfig_wlan0="DHCP"), dhclient will be launched @@ -1431,8 +1463,8 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN - Here, we use RSN (&ieee; 802.11i) protocol, i.e., - WPA2. + Here, we use RSN (&ieee; 802.11i) protocol, + i.e., WPA2. @@ -1600,16 +1632,16 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN WPA with EAP-PEAP - PEAPv0/EAP-MSCHAPv2 is the most common PEAP method. - In the rest of this document, we will use the PEAP term - to refer to that method. + PEAPv0/EAP-MSCHAPv2 is the most common PEAP + method. In the rest of this document, we will use the + PEAP term to refer to that method. - + PEAP (Protected EAP) has been designed as an alternative to EAP-TTLS, and is the most used EAP standard after EAP-TLS. In other words, if you have a - network with mixed OSes, PEAP should be the - most supported standard after EAP-TLS. + network with mixed OSes, PEAP should be the most + supported standard after EAP-TLS. PEAP is similar to EAP-TTLS: it uses a server-side certificate to authenticate clients by creating an @@ -1663,13 +1695,13 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN This field contains the parameters for the - first phase of authentication (the TLS - tunnel). According to the authentication server - used, you will have to specify a specific label - for authentication. Most of the time, the label - will be client EAP encryption which - is set by using peaplabel=0. - More information can be found in the + first phase of authentication (the TLS tunnel). + According to the authentication server used, you + will have to specify a specific label for + authentication. Most of the time, the label will be + client EAP encryption which is set by + using peaplabel=0. More + information can be found in the &man.wpa.supplicant.conf.5; manual page. 
@@ -1726,11 +1758,12 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN + The weptxkey means which WEP - key will be used in the transmission. Here we used the - third key. This must match the setting in the access - point. If you do not have any idea of which key is - used by the access point, try + key will be used in the transmission. Here we used + the third key. This must match the setting in the + access point. If you do not have any idea of which + key is used by the access point, try 1 (i.e., the first key) for this value. @@ -1744,8 +1777,8 @@ wlan0: flags=8843<UP,BROADCAST,RUNNIN than the first key. - You must replace - the 0x3456789012 with the key + You must replace the + 0x3456789012 with the key configured for use on the access point. @@ -1782,8 +1815,8 @@ Associated with 00:13:46:49:41:76IBSS mode, also called ad-hoc mode, is designed for point to point connections. For example, to establish an ad-hoc network between the machine A and the machine - B, we will just need to choose two IP addresses - and a SSID. + B, we will just need to choose two IP + addresses and a SSID. On the box A: @@ -1826,16 +1859,16 @@ Associated with 00:13:46:49:41:76 - Both A and B are now - ready to exchange information. + Both A and B are now + ready to exchange information. &os; Host Access Points &os; can act as an Access Point (AP) which eliminates the - need to buy a hardware AP or run an ad-hoc network. This can be - particularly useful when your &os; machine is acting as a + need to buy a hardware AP or run an ad-hoc network. This can + be particularly useful when your &os; machine is acting as a gateway to another network (e.g., the Internet). 
@@ -1845,13 +1878,13 @@ Associated with 00:13:46:49:41:76. + use. For more details, see + . The use of the NDIS driver wrapper and the &windows; - drivers do not currently allow AP operation. Only - native &os; wireless drivers support AP mode. + drivers do not currently allow AP operation. Only native + &os; wireless drivers support AP mode. Once wireless networking support is loaded, you can @@ -1964,8 +1997,8 @@ freebsdap 00:11:95:c3:0d:ac 1 Before trying to configure hostapd, be sure you have done - the basic settings introduced in the . + the basic settings introduced in the + . WPA-PSK @@ -2023,8 +2056,8 @@ wpa_pairwise=CCMP TKIP The wpa field enables WPA and specifies which WPA authentication protocol will be - required. A value of 1 configures the - AP for WPA-PSK. + required. A value of 1 configures + the AP for WPA-PSK. @@ -2061,7 +2094,7 @@ wpa_pairwise=CCMP TKIP - The Access Point is running, the clients can now be - associated with it, see for more details. It is - possible to see the stations associated with the AP using - the ifconfig wlan0 list - sta command. + The Access Point is running, the clients can now be + associated with it, see + for more details. + It is possible to see the stations associated with the AP + using the ifconfig + wlan0 list sta + command. @@ -2129,8 +2163,8 @@ wpa_pairwise=CCMP TKIP - where an example for using both wired and wireless connection *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
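Review bot: The Default Routes paragraph rewrapped in the @@ -262,27 +275,29 @@ hunk still says the default route is "always marked with a c in the flags field", which contradicts the flags table in the earlier hunks (G is Gateway, C is Clone) and the "default 10.0.0.1 UG" context line at @@ -530,12 +553,13 @@. Leaving the wording alone is right for a whitespace-only commit, but a follow-up should change the flag to G so that someone checking a routing table against this text looks for the correct marker.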
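Review bot: In the @@ -436,7 +456,8 @@ hunk the rewrapped sentence about net.inet.ip.forwarding reads "to stop routing temporarily, you can reset this to 0 temporarily", and the redundant second "temporarily" now sits alone on its own added line. The wrap would be cleaner, and the sentence correct, if a content follow-up dropped the trailing word so it ends at "reset this to 0."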
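Review bot: In the @@ -571,17 +595,18 @@ hunk, the static_routes="net1 net2" line is removed and re-added with only its leading whitespace changed, while the route_net1 and route_net2 lines that follow are unchanged context in the same rc.conf example. Please confirm the re-indentation touches only the markup in front of the listing and not the listing content itself, since leading whitespace inside a verbatim listing appears in the rendered page and would leave the first line misaligned with the other two. The same hunk also carries "The following lines shows an example" through unchanged; that is a wording fix for a separate commit.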
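Review bot: The mail ends with "*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***" partway through the @@ -2129,8 +2163,8 @@ hunk, so the log's whitespace-only claim can be checked from this message only up to that point. The rest of the change to chapter.sgml needs to be reviewed against r38927 in the repository, ideally by comparing the text with whitespace normalized so that any accidental content change stands out.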