Configuring and Communicating Over WiFi Interfaces
The IEEE 802.11 specifications define wireless communications for local area networks. These
specifications and the networks they describe are referred to collectively as WiFi, a
term that is trademarked by the Wi-Fi Alliance trade group. WiFi networks are
reasonably easy to configure by both providers and prospective clients. Therefore, they are
increasingly popular and in common use throughout the world. WiFi networks use the same
radio wave technology as cellular phones, televisions, and radios.
The Solaris OS contains features that enable you to configure a system as
a WiFi client. This section explains how to use the WiFi connectivity
options of the dladm command to connect a laptop or home computer to a
local WiFi network.
Note - The Solaris OS does not contain features for configuring WiFi servers
or access points.
Finding a WiFi Network
WiFi networks typically come in three varieties:
A location that is served by WiFi is referred to as a
hot spot. Each hot spot includes an access point. The access point is a router
with a “wired” connection to the Internet, for example, Ethernet or DSL. The
Internet connection is usually through a wireless Internet service provider (WISP) or traditional
ISP.
Commercial WiFi Networks
Many hotels and cafes offer wireless Internet connections as a service to their
customers with laptop computers. These commercial hot spots have access points within their
facilities. The access points are routers with wired connections to a WISP that
serves commercial locations. Typical WISPs include independent providers and cellular phone companies.
You can use a laptop that runs the Solaris OS to connect
to a WiFi network that is offered by a hotel or other commercial
hot spot. Ask for instructions at the hot spot for connecting to the
WiFi network. Typically, the connection process involves supplying a key to a browser
that you launch upon login. You might have to pay a fee to
the hotel or WISP in order to use the network.
Commercial locations that are Internet hot spots usually advertise this capability to their
patrons. You can also find lists of wireless hot spots from various web
sites, for example, Wi-FiHotSpotList.com.
Municipal WiFi Networks
Cities throughout the world, cities have constructed free municipal WiFi networks, which their
citizens can access from systems in their homes. Municipal WiFi uses radio transmitters
on telephone poles or other outdoor locations to form a “mesh” over the
area that the network serves. These transmitters are the access points to the
municipal WiFi network. If your area is served by a municipal WiFi network,
your home might be included in the network's mesh.
Access to municipal WiFi is usually free. You can access the municipal
network from a properly equipped laptop or personal computer that runs the Solaris
OS. You do not need a home router to access the municipal network
from your system. However, configuring a home router is recommended for areas where
the signal from the municipal network is weak. Home routers are also recommended
if you require secure connections over the WiFi network. For more information, see
WiFi Networks and Security.
Private WiFi Networks
Because WiFi networks are relatively easy to configure, companies and universities use private
WiFi networks with access limited to employees or students. Private WiFi networks typically
require you to supply a key when you connect or run a secure
VPN after you connect. You need a properly equipped laptop or PC that
runs the Solaris OS and permission to use the security features in order
to connect to the private network.
Planning for WiFi Communications
Before you can connect your system to a WiFi network, complete the
following instructions.
How to Prepare a System for WiFi Communications
Before You Begin
The following preparations assumes that your system is a laptop or personal computer
that runs the Solaris Express, Developer Edition 2/07 release.
- Equip your system with a supported WiFi interface.
Your system must have a WiFi card that is supported by Solaris. For
the Solaris Express, Developer Edition 2/07, you can use WiFi cards that
support most Atheros chip sets. For a list of currently supported drivers and
chip sets, , refer to Wireless Networking for OpenSolaris.
If the interface is not already present on the system, follow the manufacturer's
instructions for installing the interface card. You configure the interface software during the
procedure How to Connect to a WiFi Network.
- Locate your system in a place that is served by a WiFi
network, either commercial, municipal, or private.
Your system must be near the access point for the network, which is
normally not a consideration for a commercial or private network hot spot. However,
if you plan to use a free municipal network, your location must be
near the transmitter access point.
- (Optional) Set up a wireless router to serve as an additional access point.
Set up your own router if no WiFi network is available at your
location. For example, if you have a DSL line, connect the wireless
router to the DSL router. Then the wireless router becomes the access point
for your wireless devices.
How to Connect to a WiFi Network
Before You Begin
The following procedure assumes that you have followed the instructions in How to Prepare a System for WiFi Communications.
- Assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role
and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
- Check for available links.
# dladm show-link
ath0 type: non-vlan mtu: 1500 device: ath0
e1000g type: non-vlan mtu: 1500 device: e1000g
In this example, the output indicates that two links are available. The ath0
link supports WiFi communications using the Solaris Express, Developer Edition 2/07 software. The
e1000g link is for attaching the system to a wired network.
- Configure the WiFi interface.
Use the following steps to configure the interface:
Plumb the link that supports WiFi:
# ifconfig ath0 plumb
Verify that the link has been plumbed:
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g: flags=2001004802<BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 2
inet 0.0.0.0 netmask 0
ether 0:e:6:4:8:1
ath0: flags=201000803<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3
inet 0.0.0.0 netmask ff000000
ether 0:b:6:e:f:18
- Check for available networks.
# dladm scan-wifi
LINK ESSID BSSID/IBSSID SEC STRENGTH MODE SPEED
ath0 net1 00:0e:38:49:01:d0 none good g 54Mb
ath0 net2 00:0e:38:49:02:f0 none very weak g 54Mb
ath0 net3 00:0d:ed:a5:47:e0 none very good g 54Mb
The example output of the scan-wifi command displays information about the available WiFi networks
at the current location. The information in the output includes:
- LINK
Link name to be used in the WiFi connection.
- ESSID
Extended Service Set ID. The ESSID is the name of the WiFi network, such as net1, net2, and net3 in the example output.
- BSSID/IBSSID
Basic Service Set ID, the unique identifier for a particular ESSID. The BSSID is the 48-bit MAC address of the nearby access point that serves the network with a particular ESSID.
- SEC
Type of security that is needed to access the network. The values are none or WEP. For information about WEP, refer to WiFi Networks and Security.
- STRENGTH
Strength of the radio signals from the WiFi networks that are available at your location.
- MODE
Version of the 802 .11 protocol that is run by the network. The modes are a, b, or g, or these modes in combination.
- SPEED
Speed in megabits per second of the particular network.
- Connect to a WiFi network.
Do either of the following:
Connect to the unsecured WiFi network with the strongest signal.
# dladm connect-wifi
Connect to an unsecured network by specifying its ESSID.
# dladm connect-wifi -e ESSID
The connect-wifi subcommand of dladm has several more options for connecting to a WiFi network. For complete details, refer to the dladm(1M) man page.
- Configure an IP address for the interface.
Do either of the following:
Obtain an IP address from a DHCP server.
# ifconfig interface dhcp start
If the WiFi network does not support DHCP, you receive the following message:
ifconfig: interface: interface does not exist or cannot be managed using DHCP
Configure a static IP address:
Use this option if you have a dedicated IP address for the system.
# ifconfig interface IP-address/CIDR-mask | netmask
- Check the status of the WiFi network to which the system is
connected.
# dladm show-wifi
LINK STATUS ESSID SEC STRENGTH MODE SPEED
ath0 connected net3 none very good g 36Mb
In this example, the output indicates that the system is now connected to
the net3 network. The earlier scan-wifi output indicated that net3 had the strongest signal
among the available networks. The dladm show-wifi command automatically chooses the WiFi network with
strongest signal, unless you directly specify a different network.
- Access the Internet through the WiFi network.
Do either of the following, depending on the network to which the system
is connected:
If the access point offers free service, you can now run a browser or an application of your choice.
If the access point is in a commercial hot spot that requires a fee, follow the instructions provided at the current location. Typically, you run a browser, supply a key, and give credit card information to the network provider.
- Conclude the session.
Do one of the following:
Terminate the WiFi session but leave the system running.
# dladm disconnect-wifi
Terminate a particular WiFi session when more than one session is currently running.
# dladm disconnect-wifi link
where link represents the interface that was used for the session.
Cleanly shut down the system while the WiFi session is running.
# shutdown -g0 -i5
You do not need to explicitly disconnect the WiFi session prior to turning off the system through the shutdown command.
Example 6-8 Connecting to a Specific WiFi Network
The following example shows a typical scenario that you might encounter when using
a laptop that runs the Solaris Express, Developer Edition 2/07 release in an
Internet coffee house.
Learn whether a WiFi link is available.
# dladm show-wifi
ath0 type: non-vlan mtu: 1500 device: ath0
The ath0 link is installed on the laptop. Configure the ath0 interface, and
verify that it is up.
# ifconfig ath0 plumb
# ifconfig -a
lo0: flags=2001000849<LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ath0: flags=201000803<BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3
inet 0.0.0.0 netmask ff000000
ether 0:b:6b:4e:8f:18Display the available WiFi links at your location.
# dladm scan-wifi
LINK ESSID BSSID/IBSSID SEC STRENGTH MODE SPEED
ath0 net1 00:0e:38:49:01:d0 none weak g 54Mb
ath0 net2 00:0e:38:49:02:f0 none very weak g 54Mb
ath0 net3 00:0d:ed:a5:47:e0 wep very good g 54Mb
ath0 citinet 00:40:96:2a:56:b5 none good b 11Mb
The output indicates that net3 has the best signal. net3 requires a
key, for which the provider for the coffee house charges a fee. citinet
is a free network provided by the local town.
Connect to the citinet network.
# dladm connect-wifi -e citinet
The -e option of connect-wifi takes the ESSID of the preferred WiFi network
as its argument. The argument in this command is citinet, the ESSID of the
free local network. The dladm connect-wifi command offers several options for connecting to the
WiFi network. For more information, refer to the dladm(1M) man page.
Configure an IP address for the WiFi interface.
# ifconfig ath0 10.192.16.3/24 up
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0: flags=201004843<UP,,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 3
inet 129.146.69.34 netmask fffffe00 broadcast 129.146.69.255
ether 0:e:7b:b5:64:a4
ath0: flags=201004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 4
inet 10.192.16.3 netmask ffffff00 broadcast 10.255.255.255
ether 0:b:6b:4e:8f:18This example assumes that you have the static IP address 10.192.16.3/24 configured
on your laptop.
# dladm show-wifi
LINK STATUS ESSID SEC STRENGTH MODE SPEED
ath0 connected citinet none good g 11Mb
The output indicates that the laptop is now connected to network citinet.
# firefox
The home page for the Firefox browser displays.
Run a browser or other application to commence your work over the
WiFi network.
# dladm disconnect-wifi
# dladm show-wifi
LINK STATUS ESSID SEC STRENGTH MODE SPEED
ath0 disconnected -- -- -- -- --
The output of show-wifi verifies that you have disconnected the ath0 link from
the WiFi network.
How to Monitor the WiFi Link
This procedure shows how to monitor the status of a WiFi link through
standard networking tools, and change link properties through the linkprop subcommand.
- Assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role
and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
- Connect to the WiFi network, as described in How to Connect to a WiFi Network.
- View the properties of the link.
Use the following syntax:
# dladm show-linkprop interface
For example, you would use the following syntax to show the status
of the connection established over the ath0 link:
# dladm show-linkprop ath0
PROPERTY VALUE DEFAULT POSSIBLE
channel 5 -- --
powermode off off off,fast,max
radio ? on on,off
speed 36 -- 1,2,5.5,6,9,11,12,18,24,36,48,54
- Set a fixed speed for the link.
Caution - The Solaris OS automatically chooses the optimal speed for the WiFi connection. Modifying
the initial speed of the link might cause reduced performance or prevent the
establishment of certain WiFi connections.
You can modify the link speed to one of the possible values
for speed that is listed in the show-linkprop output.
# dladm set-linkprop -p speed=value link
- Check the packet flow over the link.
# netstat -I ath0 -i 5
input ath0 output input (Total) output
packets errs packets errs colls packets errs packets errs colls
317 0 106 0 0 2905 0 571 0 0
14 0 0 0 0 20 0 0 0 0
7 0 0 0 0 16 0 1 0 0
5 0 0 0 0 9 0 0 0 0
304 0 10 0 0 631 0 316 0 0
338 0 9 0 0 722 0 381 0 0
294 0 7 0 0 670 0 371 0 0
306 0 5 0 0 649 0 338 0 0
289 0 5 0 0 597 0 301 0 0
Example 6-9 Set the Speed of a Link
This example shows how to set the speed of a link after
you have connected to a WiFi network
# dladm show-linkprop -p speed ath0
PROPERTY VALUE DEFAULT POSSIBLE
speed 24 -- 1,2,5,6,9,11,12,18,24,36,48,54
# dladm set-linkprop -p speed=36 ath0
# dladm show-linkprop -p speed ath0
PROPERTY VALUE DEFAULT POSSIBLE
speed 36 -- 1,2,5,6,9,11,12,18,24,36,48,54
WiFi Networks and Security
Radio wave technology makes WiFi networks readily available and often freely accessible to
users in many locations. As a result, connecting to a WiFi network can
be an insecure undertaking. However, certain types of WiFi connections are more secure:
Connecting to a private, restricted-access WiFi network
Private networks, such as internal networks established by corporations or universities, restrict access to their networks to users who can provide the correct security challenge. Potential users must supply a key during the connection sequence or log in to the network through a secure VPN.
Encrypting your connection to the WiFi network
You can encrypt communications between your system and a WiFi network by using a secure key. Your access point to the WiFi network must be a router in your home or office with a secure key-generating feature. Your system and the router establish and then share the key before creating the secure connection.
The dladm command can use a Wired Equivalent Privacy (WEP) key for encrypting
connections through the access point. The WEP protocol is defined in IEEE 802.11
specifications for wireless connections. For complete details on the WEP-related options of the
dladm command, refer to the dladm(1M) man page.
How to Set Up an Encrypted WiFi Network Connection
The next procedure shows how to set up secure communications between a
system and a router in the home. Many wireless and wired routers for
the home have an encryption feature that can generate a secure key.
This procedure assumes that you use such a router and have its documentation
available. The procedure also assumes that your system is already plugged into the
router.
- Start the software for configuring the home router.
Refer to the manufacturer's documentation for instructions. Router manufacturers typically offer an internal web
site or a graphical user interface for router configuration.
- Generate the value for the WEP key.
Follow the manufacturer's instructions for creating a secure key for the router. The
router configuration GUI might ask you to supply a passphrase of your choice
for the key. The software then uses the passphrase to generate a hexadecimal
string, typically 5 bytes or 13 bytes in length. This string becomes the
value to be used for the WEP key.
- Apply and save the key configuration.
Refer to the manufacturer's documentation for instructions.
- Assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role
and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
- Create a secure object that contains the WEP key.
Open a terminal window on the system and type the following:
# dladm create-secobj -c wep keyname
where keyname represents the name you want to give to the key.
- Supply the value for the WEP key to the secure object.
The create-secobj subcommand then runs a script that requests the value for the
key.
provide value for keyname: 5 or 13 byte key
confirm value for keyname: retype key
This value is the key that was generated by the router. The
script accepts either a five byte or thirteen byte string, in ASCII or
in hexadecimal for the key value.
- View the contents of the key that you just created.
# dladm show-secobj
OBJECT CLASS
keyname wep
where keyname is the name for the secure object.
- Make an encrypted connection to the WiFi network.
# dladm connect-wifi -e network -k keyname interface
- Verify that the connection is secure.
# dladm show-wifi
LINK STATUS ESSID SEC STRENGTH MODE SPEED
ath0 connected net1 wep good g 11Mb
The wep value under the SEC heading indicates that WEP encryption is in
place for the connection.
Example 6-10 Setting Up Encrypted WiFi Communications
This example assumes that you have already done the following:
Connected your system to a home router that can create a WEP key
Followed the router manufacturer's documentation and created the WEP key
Saved the key so that you can use it to create the secure object on your system
# dladm create-secobj -c wep mykey
provide value for mykey: *****
confirm value for mkey: *****
When you supply the WEP key generated that is by the router,
asterisks mask the value that you type.
# dladm show-secobj
OBJECT CLASS
mykey wep
# dladm connect-wifi -e citinet -k mykey ath0
This command establishes an encrypted connection to the WiFi network citinet, using
the secure object mykey.
# dladm show-wifi
LINK STATUS ESSID SEC STRENGTH MODE SPEED
ath0 connected citinet wep good g 36Mb
This output verifies that you are connected to citinet through WEP encryption.
