Configuring and Communicating Over WiFi Interfaces

The IEEE 802.11 specifications define wireless communications for local area networks. These specifications and the networks they describe are referred to collectively as WiFi, a term that is trademarked by the Wi-Fi Alliance trade group. WiFi networks are reasonably easy to configure by both providers and prospective clients. Therefore, they are increasingly popular and in common use throughout the world. WiFi networks use the same radio wave technology as cellular phones, televisions, and radios.

The Solaris OS contains features that enable you to configure a system as a WiFi client. This section explains how to use the WiFi connectivity options of the dladm command to connect a laptop or home computer to a local WiFi network.

---

Note - The Solaris OS does not contain features for configuring WiFi servers or access points.

---

Finding a WiFi Network

WiFi networks typically come in three varieties:

• Commercially available WiFi networks

• Municipal WiFi networks

• Private WiFi networks

A location that is served by WiFi is referred to as a hot spot. Each hot spot includes an access point. The access point is a router with a “wired” connection to the Internet, for example, Ethernet or DSL. The Internet connection is usually through a wireless Internet service provider (WISP) or traditional ISP.

Commercial WiFi Networks

Many hotels and cafes offer wireless Internet connections as a service to their customers with laptop computers. These commercial hot spots have access points within their facilities. The access points are routers with wired connections to a WISP that serves commercial locations. Typical WISPs include independent providers and cellular phone companies.

You can use a laptop that runs the Solaris OS to connect to a WiFi network that is offered by a hotel or other commercial hot spot. Ask for instructions at the hot spot for connecting to the WiFi network. Typically, the connection process involves supplying a key to a browser that you launch upon login. You might have to pay a fee to the hotel or WISP in order to use the network.

Commercial locations that are Internet hot spots usually advertise this capability to their patrons. You can also find lists of wireless hot spots from various web sites, for example, Wi-FiHotSpotList.com.

Municipal WiFi Networks

Cities throughout the world, cities have constructed free municipal WiFi networks, which their citizens can access from systems in their homes. Municipal WiFi uses radio transmitters on telephone poles or other outdoor locations to form a “mesh” over the area that the network serves. These transmitters are the access points to the municipal WiFi network. If your area is served by a municipal WiFi network, your home might be included in the network's mesh.

Access to municipal WiFi is usually free. You can access the municipal network from a properly equipped laptop or personal computer that runs the Solaris OS. You do not need a home router to access the municipal network from your system. However, configuring a home router is recommended for areas where the signal from the municipal network is weak. Home routers are also recommended if you require secure connections over the WiFi network. For more information, see WiFi Networks and Security.

Private WiFi Networks

Because WiFi networks are relatively easy to configure, companies and universities use private WiFi networks with access limited to employees or students. Private WiFi networks typically require you to supply a key when you connect or run a secure VPN after you connect. You need a properly equipped laptop or PC that runs the Solaris OS and permission to use the security features in order to connect to the private network.

Planning for WiFi Communications

Before you can connect your system to a WiFi network, complete the following instructions.

How to Prepare a System for WiFi Communications

Before You Begin

The following preparations assumes that your system is a laptop or personal computer that runs the Solaris Express, Developer Edition 2/07 release.

1. Equip your system with a supported WiFi interface.

   Your system must have a WiFi card that is supported by Solaris. For the Solaris Express, Developer Edition 2/07, you can use WiFi cards that support most Atheros chip sets. For a list of currently supported drivers and chip sets, , refer to Wireless Networking for OpenSolaris.

   If the interface is not already present on the system, follow the manufacturer's instructions for installing the interface card. You configure the interface software during the procedure How to Connect to a WiFi Network.

2. Locate your system in a place that is served by a WiFi network, either commercial, municipal, or private.

   Your system must be near the access point for the network, which is normally not a consideration for a commercial or private network hot spot. However, if you plan to use a free municipal network, your location must be near the transmitter access point.

3. (Optional) Set up a wireless router to serve as an additional access point.

   Set up your own router if no WiFi network is available at your location. For example, if you have a DSL line, connect the wireless router to the DSL router. Then the wireless router becomes the access point for your wireless devices.

How to Connect to a WiFi Network

Before You Begin

The following procedure assumes that you have followed the instructions in How to Prepare a System for WiFi Communications.

1. Assume the Primary Administrator role, or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Check for available links.

   # dladm show-link
   ath0             type: non-vlan  mtu: 1500       device: ath0
   e1000g           type: non-vlan  mtu: 1500       device: e1000g

   In this example, the output indicates that two links are available. The ath0 link supports WiFi communications using the Solaris Express, Developer Edition 2/07 software. The e1000g link is for attaching the system to a wired network.

3. Configure the WiFi interface.

   Use the following steps to configure the interface:

   • Plumb the link that supports WiFi:

     # ifconfig ath0 plumb

   • Verify that the link has been plumbed:

     # ifconfig -a
     
     lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
             inet 127.0.0.1 netmask ff000000
     e1000g: flags=2001004802<BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 2
             inet 0.0.0.0 netmask 0
             ether 0:e:6:4:8:1
     ath0: flags=201000803<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3
             inet 0.0.0.0 netmask ff000000
             ether 0:b:6:e:f:18

4. Check for available networks.

   # dladm scan-wifi
    LINK       ESSID         BSSID/IBSSID       SEC     STRENGTH   MODE   SPEED
    ath0       net1         00:0e:38:49:01:d0  none     good       g      54Mb
    ath0       net2         00:0e:38:49:02:f0  none     very weak  g      54Mb
    ath0       net3         00:0d:ed:a5:47:e0  none     very good  g      54Mb
    

   The example output of the scan-wifi command displays information about the available WiFi networks at the current location. The information in the output includes:

   LINK

   Link name to be used in the WiFi connection.

   ESSID

   Extended Service Set ID. The ESSID is the name of the WiFi network, such as net1, net2, and net3 in the example output.

   BSSID/IBSSID

   Basic Service Set ID, the unique identifier for a particular ESSID. The BSSID is the 48-bit MAC address of the nearby access point that serves the network with a particular ESSID.

   SEC

   Type of security that is needed to access the network. The values are none or WEP. For information about WEP, refer to WiFi Networks and Security.

   STRENGTH

   Strength of the radio signals from the WiFi networks that are available at your location.

   MODE

   Version of the 802 .11 protocol that is run by the network. The modes are a, b, or g, or these modes in combination.

   SPEED

   Speed in megabits per second of the particular network.

5. Connect to a WiFi network.

   Do either of the following:

   • Connect to the unsecured WiFi network with the strongest signal.

     # dladm connect-wifi

   • Connect to an unsecured network by specifying its ESSID.

     # dladm connect-wifi -e ESSID

     The connect-wifi subcommand of dladm has several more options for connecting to a WiFi network. For complete details, refer to the dladm(1M) man page.

6. Configure an IP address for the interface.

   Do either of the following:

   • Obtain an IP address from a DHCP server.

     # ifconfig interface dhcp start

     If the WiFi network does not support DHCP, you receive the following message:

     ifconfig: interface: interface does not exist or cannot be managed using DHCP

   • Configure a static IP address:

     Use this option if you have a dedicated IP address for the system.

     # ifconfig interface IP-address/CIDR-mask | netmask

7. Check the status of the WiFi network to which the system is connected.

   # dladm show-wifi
   LINK       STATUS        ESSID         SEC     STRENGTH   MODE   SPEED
   ath0       connected     net3         none    very good   g      36Mb

   In this example, the output indicates that the system is now connected to the net3 network. The earlier scan-wifi output indicated that net3 had the strongest signal among the available networks. The dladm show-wifi command automatically chooses the WiFi network with strongest signal, unless you directly specify a different network.

8. Access the Internet through the WiFi network.

   Do either of the following, depending on the network to which the system is connected:

   • If the access point offers free service, you can now run a browser or an application of your choice.

   • If the access point is in a commercial hot spot that requires a fee, follow the instructions provided at the current location. Typically, you run a browser, supply a key, and give credit card information to the network provider.

9. Conclude the session.

   Do one of the following:

   • Terminate the WiFi session but leave the system running.

     # dladm disconnect-wifi 

   • Terminate a particular WiFi session when more than one session is currently running.

     # dladm disconnect-wifi link

     where link represents the interface that was used for the session.

   • Cleanly shut down the system while the WiFi session is running.

     # shutdown -g0 -i5

     You do not need to explicitly disconnect the WiFi session prior to turning off the system through the shutdown command.

Example 6-8 Connecting to a Specific WiFi Network

The following example shows a typical scenario that you might encounter when using a laptop that runs the Solaris Express, Developer Edition 2/07 release in an Internet coffee house.

Learn whether a WiFi link is available.

# dladm show-wifi
ath0             type: non-vlan    mtu: 1500         device: ath0

The ath0 link is installed on the laptop. Configure the ath0 interface, and verify that it is up.

# ifconfig ath0 plumb
# ifconfig -a
lo0: flags=2001000849<LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
ath0: flags=201000803<BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3
        inet 0.0.0.0 netmask ff000000
        ether 0:b:6b:4e:8f:18

Display the available WiFi links at your location.

# dladm scan-wifi
 LINK       ESSID         BSSID/IBSSID       SEC     STRENGTH   MODE   SPEED
 ath0       net1         00:0e:38:49:01:d0  none     weak       g      54Mb
 ath0       net2         00:0e:38:49:02:f0  none     very weak  g      54Mb
 ath0       net3         00:0d:ed:a5:47:e0  wep      very good  g      54Mb
 ath0       citinet      00:40:96:2a:56:b5  none     good       b      11Mb

The output indicates that net3 has the best signal. net3 requires a key, for which the provider for the coffee house charges a fee. citinet is a free network provided by the local town.

Connect to the citinet network.

# dladm connect-wifi -e citinet

The -e option of connect-wifi takes the ESSID of the preferred WiFi network as its argument. The argument in this command is citinet, the ESSID of the free local network. The dladm connect-wifi command offers several options for connecting to the WiFi network. For more information, refer to the dladm(1M) man page.

Configure an IP address for the WiFi interface.

# ifconfig ath0 10.192.16.3/24 up
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=201004843<UP,,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 3
        inet 129.146.69.34 netmask fffffe00 broadcast 129.146.69.255
        ether 0:e:7b:b5:64:a4
ath0: flags=201004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 4
        inet 10.192.16.3 netmask ffffff00 broadcast 10.255.255.255
        ether 0:b:6b:4e:8f:18

This example assumes that you have the static IP address 10.192.16.3/24 configured on your laptop.

# dladm show-wifi
LINK       STATUS        ESSID         SEC     STRENGTH   MODE   SPEED
ath0       connected     citinet       none    good       g      11Mb

The output indicates that the laptop is now connected to network citinet.

# firefox

The home page for the Firefox browser displays.

Run a browser or other application to commence your work over the WiFi network.

# dladm disconnect-wifi
# dladm show-wifi
LINK       STATUS        ESSID         SEC     STRENGTH   MODE   SPEED
ath0       disconnected   --            --       --       --       --

The output of show-wifi verifies that you have disconnected the ath0 link from the WiFi network.

How to Monitor the WiFi Link

This procedure shows how to monitor the status of a WiFi link through standard networking tools, and change link properties through the linkprop subcommand.

1. Assume the Primary Administrator role, or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Connect to the WiFi network, as described in How to Connect to a WiFi Network.
3. View the properties of the link.

   Use the following syntax:

   # dladm show-linkprop interface

   For example, you would use the following syntax to show the status of the connection established over the ath0 link:

   # dladm show-linkprop ath0
   PROPERTY        VALUE           DEFAULT         POSSIBLE
   channel         5               --              -- 
   powermode       off             off             off,fast,max
   radio           ?               on              on,off 
   speed           36               --              1,2,5.5,6,9,11,12,18,24,36,48,54

4. Set a fixed speed for the link.

   ---

   Caution - The Solaris OS automatically chooses the optimal speed for the WiFi connection. Modifying the initial speed of the link might cause reduced performance or prevent the establishment of certain WiFi connections.

   ---

   You can modify the link speed to one of the possible values for speed that is listed in the show-linkprop output.

   # dladm set-linkprop -p speed=value link

5. Check the packet flow over the link.

   # netstat -I ath0 -i 5
      input   ath0      output       input  (Total)    output
   packets errs  packets errs  colls  packets errs  packets errs  colls
   317     0     106     0     0      2905    0     571     0     0
   14      0     0       0     0      20      0     0       0     0
   7       0     0       0     0      16      0     1       0     0
   5       0     0       0     0      9       0     0       0     0
   304     0     10      0     0      631     0     316     0     0
   338     0     9       0     0      722     0     381     0     0
   294     0     7       0     0      670     0     371     0     0
   306     0     5       0     0      649     0     338     0     0
   289     0     5       0     0      597     0     301     0     0

Example 6-9 Set the Speed of a Link

This example shows how to set the speed of a link after you have connected to a WiFi network

# dladm show-linkprop -p speed ath0
PROPERTY        VALUE           DEFAULT         POSSIBLE
speed           24               --              1,2,5,6,9,11,12,18,24,36,48,54
# dladm set-linkprop -p speed=36 ath0

# dladm show-linkprop -p speed ath0
PROPERTY        VALUE           DEFAULT         POSSIBLE
speed           36               --              1,2,5,6,9,11,12,18,24,36,48,54

WiFi Networks and Security

Radio wave technology makes WiFi networks readily available and often freely accessible to users in many locations. As a result, connecting to a WiFi network can be an insecure undertaking. However, certain types of WiFi connections are more secure:

• Connecting to a private, restricted-access WiFi network

  Private networks, such as internal networks established by corporations or universities, restrict access to their networks to users who can provide the correct security challenge. Potential users must supply a key during the connection sequence or log in to the network through a secure VPN.

• Encrypting your connection to the WiFi network

  You can encrypt communications between your system and a WiFi network by using a secure key. Your access point to the WiFi network must be a router in your home or office with a secure key-generating feature. Your system and the router establish and then share the key before creating the secure connection.

The dladm command can use a Wired Equivalent Privacy (WEP) key for encrypting connections through the access point. The WEP protocol is defined in IEEE 802.11 specifications for wireless connections. For complete details on the WEP-related options of the dladm command, refer to the dladm(1M) man page.

How to Set Up an Encrypted WiFi Network Connection

The next procedure shows how to set up secure communications between a system and a router in the home. Many wireless and wired routers for the home have an encryption feature that can generate a secure key. This procedure assumes that you use such a router and have its documentation available. The procedure also assumes that your system is already plugged into the router.

1. Start the software for configuring the home router.

   Refer to the manufacturer's documentation for instructions. Router manufacturers typically offer an internal web site or a graphical user interface for router configuration.

2. Generate the value for the WEP key.

   Follow the manufacturer's instructions for creating a secure key for the router. The router configuration GUI might ask you to supply a passphrase of your choice for the key. The software then uses the passphrase to generate a hexadecimal string, typically 5 bytes or 13 bytes in length. This string becomes the value to be used for the WEP key.

3. Apply and save the key configuration.

   Refer to the manufacturer's documentation for instructions.

4. Assume the Primary Administrator role, or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

5. Create a secure object that contains the WEP key.

   Open a terminal window on the system and type the following:

   # dladm create-secobj -c wep keyname

   where keyname represents the name you want to give to the key.

6. Supply the value for the WEP key to the secure object.

   The create-secobj subcommand then runs a script that requests the value for the key.

   provide value for keyname: 5 or 13 byte key
   confirm value for keyname: retype key

   This value is the key that was generated by the router. The script accepts either a five byte or thirteen byte string, in ASCII or in hexadecimal for the key value.

7. View the contents of the key that you just created.

   # dladm show-secobj
   OBJECT               CLASS
   keyname                wep

   where keyname is the name for the secure object.

8. Make an encrypted connection to the WiFi network.

   # dladm connect-wifi -e network -k keyname interface

9. Verify that the connection is secure.

   # dladm show-wifi
   LINK       STATUS        ESSID         SEC     STRENGTH   MODE   SPEED
   ath0       connected     net1          wep     good       g      11Mb

   The wep value under the SEC heading indicates that WEP encryption is in place for the connection.

Example 6-10 Setting Up Encrypted WiFi Communications

This example assumes that you have already done the following:

• Connected your system to a home router that can create a WEP key

• Followed the router manufacturer's documentation and created the WEP key

• Saved the key so that you can use it to create the secure object on your system

# dladm create-secobj -c wep mykey
provide value for mykey: *****
confirm value for mkey: *****

When you supply the WEP key generated that is by the router, asterisks mask the value that you type.

# dladm show-secobj
OBJECT               CLASS
 mykey               wep
# dladm connect-wifi -e citinet -k mykey ath0

This command establishes an encrypted connection to the WiFi network citinet, using the secure object mykey.

# dladm show-wifi
LINK       STATUS        ESSID         SEC     STRENGTH   MODE   SPEED
ath0       connected     citinet       wep     good       g      36Mb

This output verifies that you are connected to citinet through WEP encryption.