} ) means automatically determine
the best rate
Mandatory options and default parameters are in bold font.
| Option | Parameter | Description |
|---|---|---|
| type | broadcom | Broadcom based card |
| atheros | Madwifi driver | |
| mode | ap | Access point mode |
| sta | Client mode | |
| adhoc | Ad-Hoc mode | |
| wds | WDS point-to-point link over wireless | |
| monitor | The node acts as a passive monitor and only receives packets | |
| ssid | <String> | Set the SSID (Network Name) |
| country | {ALL|DE|JP|US|...} | The country code used to determine the regulatory settings. |
| Option | Parameter | Description |
|---|---|---|
| security | none | No authorization |
| wep | WEP key | |
| wpa-psk | WPA with preshared key | |
| 8021x | IEEE 802.1X authentication | |
| authorization | wpa-psk | |
| psk | WPA PSK | |
| psk2 | WPA2 PSK | |
| psk psk2 | WPA PSK and WPA2 PSK | |
| 8021x | ||
| wpa | WPA with RADIUS | |
| wpa2 | WPA2 with RADIUS | |
| wpa wpa2 | WPA and WPA2 | |
| encryption | wep | |
| -- | not needed, automatically by key size | |
| wpa-psk | ||
| tkip | RC4 encryption | |
| aes | AES encryption | |
| aes+tkip | support both | |
| 8021x | ||
| wep | RC4 encryption (static) | |
| tkip | RC4 encryption | |
| aes | AES encryption | |
| aes+tkip | support both | |
| eap-type | 8021x | |
| tls | Transport Layer Security | |
| ttls | Tunnelled TLS | |
| peap | Protected EAP | |
| leap | Cisco Wireless | |
| key | wep | |
| {1|2|3|4} | Select WEP key to use. | |
| key[1..4] | wep | |
| <String> | WEP key. The key must be 5, 13 or 16 bytes long, or 10, 26, 32, or 64 hex digits long. The encryption algorithm is automatically selected based on the key size. key1 is the key for WEP client mode. | |
| wpa-key | wpa-psk | |
| <String> | Password to use with WPA/WPA2 PSK (at least 8, up to 63 chars) | |
| wpa-gtk-rekey | wpa-psk, 8021x | |
| <Int> (3600) | Rekeying interval in seconds. | |
| radius-ipaddr | 8021x | |
| <a.b.c.d> | IP to connect. | |
| radius-port | 8021x | |
| <Int> (1812) | RADIUS-Port no. to connect | |
| radius-key | 8021x | |
| <String> | Shared Secret for connection to the Radius server |
| Option | Parameter | Description |
|---|---|---|
| macmode | {0|1|2} | 0: Disable MAC address matching. |
| 1: Deny association to stations on the MAC list. | ||
| 2: Allow association to stations on the MAC list. | ||
| maclist | <MAC1> ...<MACn> | List of space separated mac addresses to allow/deny according to macmode. Addresses should be entered with colons, e.g.: "00:02:2D:08:E2:1D 00:03:3E:05:E1:1B" |
| Option | Parameter | Description |
|---|---|---|
| lazywds | {0|1} | Accept WDS connections from anyone |
| wds-bridge | br{X} | Add WDS peers to bridge brX |
| wds-security | {wpa-psk} | secure the wds bridge with WPA (optional) |
| wds-encryption | {aes|tkip} | Use AES or TKIP as cipher |
| wds-wpa-key | <String> | Password to use with WPA PSK (at least 8, up to 63 chars) |
| wds | <MAC1> ...<MACn> | List of WDS peer mac addresses (xx:xx:xx:xx:xx:xx, space separated) |
| Option | Parameter | Description |
|---|---|---|
| channel | {1-14} | The wifi channel |
| maxassoc | {1-255} | Maximum number of associated clients |
| gmode | Set the 54g Mode | |
| Auto | default | |
| LegacyB | ||
| GOnly | ||
| BDeferred | ||
| Performance | ||
| LRS | ||
| frameburst | {0|1} | Disable/Enable frameburst mode. |
| txpower | {0-255|} |
Set the transmit power in dBm |
| rate | <Int> () |
force a fixed rate |
| valid values for 802.11a are (6, 9, 12, 18, 24, 36, 48, 54) | ||
| valid values for 802.11b are (1, 2, 5.5, 11) | ||
| valid values for 802.11g are (1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, 54) | ||
| means automatically determine
the best rate |
||
| rts | {0-2347} | Set the RTS threshhold. |
| frag | {256-2346} | Set the fragmentation threshhold. |
| afterburner | {0|1} | Enable Afterburner capability |
| isolate | {0|1} | Hide Clients from each other |
| bridge-if | {br0..brX} | The bridge interface (optional) |
This combination works with any kind of WPA client implementation.
[label=\file{/etc/network/interfaces}]
auto eth1
iface eth1 inet static
address 192.168.10.1
netmask 255.255.255.0
broadcast +
wireless-type broadcom
wireless-country DE
wireless-mode ap
wireless-ssid FreeWRT
wireless-security wpa-psk
wireless-authorization psk psk2
wireless-encryption aes+tkip
wireless-wpa-key 12345678
wireless-channel 11
If you want to do MAC filtering, add the following to the sample above:
[label=\file{/etc/network/interfaces}]
wireless-macmode 2
wireless-mac 00:01:02:03:04:05 06:07:08:09:0a:0b
this enables the filter and defines the list to contain addresses that should be allowed.
If you already use VPN to secure your connection, you can just use an unencrypted setup and setup the firewall on your embedded device.
[label=\file{/etc/network/interfaces}]
auto eth1
iface eth1 inet static
address 192.168.10.1
netmask 255.255.255.0
broadcast +
wireless-type broadcom
wireless-country DE
wireless-mode ap
wireless-ssid FreeWRT
wireless-security none
wireless-channel 11
This can only be used in routing mode, you can not bridge it with LAN or WAN interfaces.
[label=\file{/etc/network/interfaces}]
auto eth1
iface eth1 inet static
address 192.168.10.1
netmask 255.255.255.0
broadcast +
wireless-type broadcom
wireless-country DE
wireless-mode sta
wireless-ssid FreeWRT
wireless-security wpa-psk
wireless-authorization psk2
wireless-encryption aes
wireless-wpa-key 12345678
WLAN with WDS nodes, the WDS nodes need to have the same SSID, channel and encryption parameters. The WDS connection is separetely secured via WPA1 and AES. WPA2 for WDS connection security is _not_ working.
WDS node 1 (MAC of Wireless 06:05:04:03:02:01)
[label=\file{/etc/network/interfaces}]
auto br0
iface br0 inet static
bridge-ifaces eth1
address 192.168.10.1
netmask 255.255.255.0
broadcast +
wireless-type broadcom
wireless-country DE
wireless-mode wds
wireless-ssid FreeWRT-WDS
wireless-security wpa-psk
wireless-authorization psk psk2
wireless-encryption aes+tkip
wireless-wpa-key apkey
wireless-lazywds 1
wireless-wds-security wpa-psk
wireless-wds-encryption aes
wireless-wds-wpa-key wdskey
wireless-wds 01:02:03:04:05:06
wireless-wds-bridge br0
WDS node 2 (MAC of Wireless 01:02:03:04:05:06)
[label=\file{/etc/network/interfaces}]
auto br0
iface br0 inet static
bridge-ifaces eth1
address 192.168.10.2
netmask 255.255.255.0
broadcast +
wireless-type broadcom
wireless-country DE
wireless-mode wds
wireless-ssid FreeWRT-WDS
wireless-security wpa-psk
wireless-authorization psk psk2
wireless-encryption aes+tkip
wireless-wpa-key apkey
wireless-lazywds 1
wireless-wds-security wpa-psk
wireless-wds-encryption aes
wireless-wds-wpa-key wdskey
wireless-wds 06:05:04:03:02:01
wireless-wds-bridge br0
[label=\file{/etc/network/interfaces}]
auto eth1
iface eth1 inet static
address 192.168.10.1
netmask 255.255.255.0
broadcast +
wireless-type broadcom
wireless-country DE
wireless-mode adhoc
wireless-ssid FreeWRT
wireless-security none
wireless-channel 11