From owner-svn-doc-head@freebsd.org  Thu Jul  2 00:14:32 2015
Return-Path: <owner-svn-doc-head@freebsd.org>
Delivered-To: svn-doc-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 25AC7992CD6;
 Thu,  2 Jul 2015 00:14:32 +0000 (UTC)
 (envelope-from wblock@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 154911092;
 Thu,  2 Jul 2015 00:14:32 +0000 (UTC)
 (envelope-from wblock@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.70])
 by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t620EVak054675;
 Thu, 2 Jul 2015 00:14:31 GMT (envelope-from wblock@FreeBSD.org)
Received: (from wblock@localhost)
 by repo.freebsd.org (8.14.9/8.14.9/Submit) id t620EVCF054674;
 Thu, 2 Jul 2015 00:14:31 GMT (envelope-from wblock@FreeBSD.org)
Message-Id: <201507020014.t620EVCF054674@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: wblock set sender to
 wblock@FreeBSD.org using -f
From: Warren Block <wblock@FreeBSD.org>
Date: Thu, 2 Jul 2015 00:14:31 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r46911 -
 head/en_US.ISO8859-1/books/handbook/advanced-networking
X-SVN-Group: doc-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-head@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the doc tree for head
 <svn-doc-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-doc-head>,
 <mailto:svn-doc-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-head/>
List-Post: <mailto:svn-doc-head@freebsd.org>
List-Help: <mailto:svn-doc-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-doc-head>,
 <mailto:svn-doc-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2015 00:14:32 -0000

Author: wblock
Date: Thu Jul  2 00:14:31 2015
New Revision: 46911
URL: https://svnweb.freebsd.org/changeset/doc/46911

Log:
  Update the WPA-PSK access point section at Mark Felder's request, who
  supplied the ifconfig output.  Also update some of the defaults and
  suggestions for the current era: WPA2 and CCMP/AES.
  
  Submitted by:	Mark Felder <feld@FreeBSD.org>
  Reviewed by:	adrian
  Differential Revision:

Modified:
  head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml	Wed Jul  1 13:35:19 2015	(r46910)
+++ head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml	Thu Jul  2 00:14:31 2015	(r46911)
@@ -1935,11 +1935,11 @@ freebsdap       00:11:95:c3:0d:ac    1  
 	  roam:rate 5 protmode CTS wme burst</screen>
       </sect3>
 
-      <sect3>
-	<title><acronym>WPA</acronym> Host-based Access Point</title>
+      <sect3 xml:id="network-wireless-ap-wpa">
+	<title><acronym>WPA2</acronym> Host-based Access Point</title>
 
 	<para>This section focuses on setting up a &os;
-	  <acronym>AP</acronym> using the <acronym>WPA</acronym>
+	  access point using the <acronym>WPA2</acronym>
 	  security protocol.  More details regarding
 	  <acronym>WPA</acronym> and the configuration of
 	  <acronym>WPA</acronym>-based wireless clients can be found
@@ -1947,13 +1947,13 @@ freebsdap       00:11:95:c3:0d:ac    1  
 
 	<para>The &man.hostapd.8; daemon is used to deal with client
 	  authentication and key management on the
-	  <acronym>WPA</acronym>-enabled <acronym>AP</acronym>.</para>
+	  <acronym>WPA2</acronym>-enabled <acronym>AP</acronym>.</para>
 
 	<para>The following configuration operations are performed
 	  on the &os; machine acting as the <acronym>AP</acronym>.
 	  Once the <acronym>AP</acronym> is correctly working,
-	  &man.hostapd.8; should be automatically enabled at boot
-	  with the following line in
+	  &man.hostapd.8; can be automatically started at boot
+	  with this line in
 	  <filename>/etc/rc.conf</filename>:</para>
 
 	<programlisting>hostapd_enable="YES"</programlisting>
@@ -1963,95 +1963,95 @@ freebsdap       00:11:95:c3:0d:ac    1  
 	    linkend="network-wireless-ap-basic"/>.</para>
 
 	<sect4>
-	  <title><acronym>WPA-PSK</acronym></title>
+	  <title><acronym>WPA2-PSK</acronym></title>
 
-	  <para><acronym>WPA-PSK</acronym> is intended for small
+	  <para><acronym>WPA2-PSK</acronym> is intended for small
 	    networks where the use of a backend authentication server
 	    is not possible or desired.</para>
 
 	  <para>The configuration is done in
 	    <filename>/etc/hostapd.conf</filename>:</para>
 
-	  <programlisting>interface=wlan0 <co xml:id="co-ap-wpapsk-iface"/>
-debug=1 <co xml:id="co-ap-wpapsk-dbug"/>
-ctrl_interface=/var/run/hostapd <co xml:id="co-ap-wpapsk-ciface"/>
-ctrl_interface_group=wheel <co xml:id="co-ap-wpapsk-cifacegrp"/>
-ssid=freebsdap <co xml:id="co-ap-wpapsk-ssid"/>
-wpa=1 <co xml:id="co-ap-wpapsk-wpa"/>
-wpa_passphrase=freebsdmall <co xml:id="co-ap-wpapsk-pass"/>
-wpa_key_mgmt=WPA-PSK <co xml:id="co-ap-wpapsk-kmgmt"/>
-wpa_pairwise=CCMP TKIP <co xml:id="co-ap-wpapsk-pwise"/></programlisting>
+	  <programlisting>interface=wlan0                  <co xml:id="co-ap-wpapsk-iface"/>
+debug=1                          <co xml:id="co-ap-wpapsk-dbug"/>
+ctrl_interface=/var/run/hostapd  <co xml:id="co-ap-wpapsk-ciface"/>
+ctrl_interface_group=wheel       <co xml:id="co-ap-wpapsk-cifacegrp"/>
+ssid=freebsdap                   <co xml:id="co-ap-wpapsk-ssid"/>
+wpa=2                            <co xml:id="co-ap-wpapsk-wpa"/>
+wpa_passphrase=freebsdmall       <co xml:id="co-ap-wpapsk-pass"/>
+wpa_key_mgmt=WPA-PSK             <co xml:id="co-ap-wpapsk-kmgmt"/>
+wpa_pairwise=CCMP                <co xml:id="co-ap-wpapsk-pwise"/></programlisting>
 
 	  <calloutlist>
 	    <callout arearefs="co-ap-wpapsk-iface">
-	      <para>This field indicates the wireless interface used
-		for the <acronym>AP</acronym>.</para>
+	      <para>Wireless interface used
+		for the access point.</para>
 	    </callout>
 
 	    <callout arearefs="co-ap-wpapsk-dbug">
-	      <para>This field sets the level of verbosity during the
+	      <para>Level of verbosity used during the
 		execution of &man.hostapd.8;.  A value of
 		<literal>1</literal> represents the minimal
 		level.</para>
 	    </callout>
 
 	    <callout arearefs="co-ap-wpapsk-ciface">
-	      <para>The <literal>ctrl_interface</literal> field gives
-		the pathname of the directory used by &man.hostapd.8;
-		to store its domain socket files for the communication
+	      <para>Pathname of the directory used by &man.hostapd.8;
+		to store domain socket files for communication
 		with external programs such as &man.hostapd.cli.8;.
 		The default value is used in this example.</para>
 	    </callout>
 
 	    <callout arearefs="co-ap-wpapsk-cifacegrp">
-	      <para>The <literal>ctrl_interface_group</literal> line
-		sets the group which is allowed to access the control
+	      <para>The group allowed to access the control
 		interface files.</para>
 	    </callout>
 
 	    <callout arearefs="co-ap-wpapsk-ssid">
-	      <para>This field sets the network name.</para>
+	      <para>The wireless network name, or
+		<acronym>SSID</acronym>, that will appear in wireless
+		scans.</para>
 	    </callout>
 
 	    <callout arearefs="co-ap-wpapsk-wpa">
-	      <para>The <literal>wpa</literal> field enables
-		<acronym>WPA</acronym> and specifies which
+	      <para>Enable
+		<acronym>WPA</acronym> and specify which
 		<acronym>WPA</acronym> authentication protocol will
-		be required.  A value of <literal>1</literal>
+		be required.  A value of <literal>2</literal>
 		configures the <acronym>AP</acronym> for
-		<acronym>WPA-PSK</acronym>.</para>
+		<acronym>WPA2</acronym> and is recommended.
+		Set to <literal>1</literal> only if the obsolete
+		<acronym>WPA</acronym> is required.</para>
 	    </callout>
 
 	    <callout arearefs="co-ap-wpapsk-pass">
-	      <para>The <literal>wpa_passphrase</literal> field
-		contains the ASCII passphrase for
+	      <para>ASCII passphrase for
 		<acronym>WPA</acronym> authentication.</para>
 
 	      <warning>
-		<para>Always use strong passwords that are
-		  sufficiently long and made from a rich alphabet so
+		<para>Always use strong passwords that are at least
+		  8 characters long and made from a rich alphabet so
 		  that they will not be easily guessed or
 		  attacked.</para>
 	      </warning>
 	    </callout>
 
 	    <callout arearefs="co-ap-wpapsk-kmgmt">
-	      <para>The <literal>wpa_key_mgmt</literal> line refers
-		to the key management protocol to use.  This example
+	      <para>The
+		key management protocol to use.  This example
 		sets <acronym>WPA-PSK</acronym>.</para>
 	    </callout>
 
 	    <callout arearefs="co-ap-wpapsk-pwise">
-	      <para>The <literal>wpa_pairwise</literal> field
-		indicates the set of accepted encryption algorithms by
-		the <acronym>AP</acronym>.  In this example, both
-		<acronym>TKIP</acronym> (<acronym>WPA</acronym>) and
-		<acronym>CCMP</acronym> (<acronym>WPA2</acronym>)
-		ciphers are accepted.  The <acronym>CCMP</acronym>
-		cipher is an alternative to <acronym>TKIP</acronym>
+	      <para>Encryption algorithms accepted by
+		the access point.  In this example, only
+		the
+		<acronym>CCMP</acronym> (<acronym>AES</acronym>)
+		cipher is accepted.  <acronym>CCMP</acronym>
+		is an alternative to <acronym>TKIP</acronym>
 		and is strongly preferred when possible.
-		<acronym>TKIP</acronym> should be used solely for
-		stations incapable of doing
+		<acronym>TKIP</acronym> should be allowed only when
+		there are stations incapable of using
 		<acronym>CCMP</acronym>.</para>
 	    </callout>
 	  </calloutlist>
@@ -2061,14 +2061,18 @@ wpa_pairwise=CCMP TKIP <co xml:id="co-ap
 	  <screen>&prompt.root; <userinput>service hostapd forcestart</userinput></screen>
 
 	  <screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable></userinput>
-  wlan0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 2290
-	  inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
-	  inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4
-	  ether 00:11:95:c3:0d:ac
-	  media: IEEE 802.11 Wireless Ethernet autoselect mode 11g &lt;hostap&gt;
-	  status: associated
-	  ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
-	  authmode WPA2/802.11i privacy MIXED deftxkey 2 TKIP 2:128-bit txpowmax 36 protmode CTS dtimperiod 1 bintval 100</screen>
+wlan0: flags=8943&lt;UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
+	ether 04:f0:21:16:8e:10
+	inet6 fe80::6f0:21ff:fe16:8e10%wlan0 prefixlen 64 scopeid 0x9
+	nd6 options=21&lt;PERFORMNUD,AUTO_LINKLOCAL&gt;
+	media: IEEE 802.11 Wireless Ethernet autoselect mode 11na &lt;hostap&gt;
+	status: running
+	ssid No5ignal channel 36 (5180 MHz 11a ht/40+) bssid 04:f0:21:16:8e:10
+	country US ecm authmode WPA2/802.11i privacy MIXED deftxkey 2
+	AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 17 mcastrate 6 mgmtrate 6
+	scanvalid 60 ampdulimit 64k ampdudensity 8 shortgi wme burst
+	dtimperiod 1 -dfs
+	groups: wlan</screen>
 
 	  <para>Once the <acronym>AP</acronym> is running, the
 	    clients can associate with it.  See <xref