This chapter explains how to configure and use wireless interface communications on a laptop that runs the Solaris OS. The following topics are covered:
Communicating over WiFi Interfaces
Finding a WiFi Network
Connecting and Using WiFi on Solaris OS Systems
Secure WiFi Communications
Task |
Description |
For Instructions |
---|---|---|
Plan for WiFi communications on your system. |
Set up your laptop or wireless network configuration, optionally including a router, in a location that supports WiFi | |
Connect to a WiFi network |
Set up and establish communications with a local WiFi network | |
Monitor communications on the WiFi link |
Use standard Solaris networking tools to check the state of WiFi link | |
Establish secure WiFi communications |
Create a WEP key and use it establish connections with a secure WiFi network |
The IEEE 802.11 specifications define wireless communications for local area networks. These specifications and the networks they describe are referred to collectively as WiFi, a term that is trademarked by the Wi-Fi Alliance trade group. WiFi networks are reasonably easy to configure by both providers and prospective clients. Therefore, they are increasingly popular and in common use throughout the world. WiFi networks use the same radio wave technology as cellular phones, televisions, and radios.
The Solaris OS contains features that enable you to configure a system as a WiFi client. This section explains how to use the WiFi connectivity options of the dladm command to connect a laptop or home computer to a local WiFi network.
The Solaris OS does not contain features for configuring WiFi servers or access points.
WiFi networks typically come in three varieties:
Commercially available WiFi networks
Municipal WiFi networks
Private WiFi networks
A location that is served by WiFi is referred to as a hot spot. Each hot spot includes an access point. The access point is a router with a “wired” connection to the Internet, for example, Ethernet or DSL. The Internet connection is usually through a wireless Internet service provider (WISP) or traditional ISP.
Many hotels and cafes offer wireless Internet connections as a service to their customers with laptop computers. These commercial hot spots have access points within their facilities. The access points are routers with wired connections to a WISP that serves commercial locations. Typical WISPs include independent providers and cellular phone companies.
You can use a laptop that runs the Solaris OS to connect to a WiFi network that is offered by a hotel or other commercial hot spot. Ask for instructions at the hot spot for connecting to the WiFi network. Typically, the connection process involves supplying a key to a browser that you launch upon login. You might have to pay a fee to the hotel or WISP in order to use the network.
Commercial locations that are Internet hot spots usually advertise this capability to their patrons. You can also find lists of wireless hot spots from various web sites, for example, Wi-FiHotSpotList.com.
Cities throughout the world have constructed free municipal WiFi networks, which their citizens can access from systems in their homes. Municipal WiFi uses radio transmitters on telephone poles or other outdoor locations to form a “mesh” over the area that the network serves. These transmitters are the access points to the municipal WiFi network. If your area is served by a municipal WiFi network, your home might be included in the network's mesh.
Access to municipal WiFi is usually free. You can access the municipal network from a properly equipped laptop or personal computer that runs the Solaris OS. You do not need a home router to access the municipal network from your system. However, configuring a home router is recommended for areas where the signal from the municipal network is weak. Home routers are also recommended if you require secure connections over the WiFi network. For more information, see Secure WiFi Communications.
Because WiFi networks are relatively easy to configure, companies and universities use private WiFi networks with access limited to employees or students. Private WiFi networks typically require you to supply a key when you connect or run a secure VPN after you connect. You need a properly equipped laptop or PC that runs the Solaris OS and permission to use the security features in order to connect to the private network.
Before you can connect your system to a WiFi network, complete the following instructions.
The following preparations assumes that your system is a laptop or personal computer that runs the Solaris Express, Developer Edition 2/07 or later release.
Equip your system with a supported WiFi interface.
Your system must have a WiFi card that is supported by Solaris. For the Solaris Express, Developer Edition 2/07 and later releases, you can use WiFi cards that support most Atheros chip sets. For a list of currently supported drivers and chip sets, refer to Wireless Networking for OpenSolaris.
If the interface is not already present on the system, follow the manufacturer's instructions for installing the interface card. You configure the interface software during the procedure How to Connect to a WiFi Network.
Locate your system in a place that is served by a WiFi network, either commercial, municipal, or private.
Your system must be near the access point for the network, which is normally not a consideration for a commercial or private network hot spot. However, if you plan to use a free municipal network, your location must be near the transmitter access point.
(Optional) Set up a wireless router to serve as an additional access point.
Set up your own router if no WiFi network is available at your location. For example, if you have a DSL line, connect the wireless router to the DSL router. Then the wireless router becomes the access point for your wireless devices.
This section contains tasks for establishing and monitoring WiFi connections for a laptop or desktop computer that runs the Solaris OS.
The following procedure assumes that you have followed the instructions in How to Prepare a System for WiFi Communications.
Assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Check for available links.
# dladm show-link LINK CLASS MTU STATE OVER ath0 phys 1500 up -- e1000g0 phys 1500 up -- |
In this example, the output indicates that two links are available. The ath0 link supports WiFi communications beginning with the Solaris Express, Developer Edition 2/07release. The e1000g link is for attaching the system to a wired network.
Configure the WiFi interface.
Use the following steps to configure the interface:
Plumb the link that supports WiFi:
# ifconfig ath0 plumb |
Verify that the link has been plumbed:
# ifconfig -a lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 e1000g: flags=2001004802<BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 2 inet 0.0.0.0 netmask 0 ether 0:e:6:4:8:1 ath0: flags=201000803<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3 inet 0.0.0.0 netmask ff000000 ether 0:b:6:e:f:18 |
# dladm scan-wifi LINK ESSID BSSID/IBSSID SEC STRENGTH MODE SPEED ath0 net1 00:0e:38:49:01:d0 none good g 54Mb ath0 net2 00:0e:38:49:02:f0 none very weak g 54Mb ath0 net3 00:0d:ed:a5:47:e0 none very good g 54Mb |
The example output of the scan-wifi command displays information about the available WiFi networks at the current location. The information in the output includes:
Link name to be used in the WiFi connection.
Extended Service Set ID. The ESSID is the name of the WiFi network, such as net1, net2, and net3 in the example output.
Basic Service Set ID, the unique identifier for a particular ESSID. The BSSID is the 48-bit MAC address of the nearby access point that serves the network with a particular ESSID.
Type of security that is needed to access the network. The values are none or WEP. For information about WEP, refer to Secure WiFi Communications.
Strength of the radio signals from the WiFi networks that are available at your location.
Version of the 802 .11 protocol that is run by the network. The modes are a, b, or g, or these modes in combination.
Speed in megabits per second of the particular network.
Connect to a WiFi network.
Connect to the unsecured WiFi network with the strongest signal.
# dladm connect-wifi |
Connect to an unsecured network by specifying its ESSID.
# dladm connect-wifi -e ESSID |
The connect-wifi subcommand of dladm has several more options for connecting to a WiFi network. For complete details, refer to the dladm(1M) man page.
Configure an IP address for the interface.
Do either of the following:
Obtain an IP address from a DHCP server.
# ifconfig interface dhcp start |
If the WiFi network does not support DHCP, you receive the following message:
ifconfig: interface: interface does not exist or cannot be managed using DHCP |
Configure a static IP address:
Use this option if you have a dedicated IP address for the system.
# ifconfig interface IP-address/CIDR-mask | netmask |
Check the status of the WiFi network to which the system is connected.
# dladm show-wifi LINK STATUS ESSID SEC STRENGTH MODE SPEED ath0 connected net3 none very good g 36Mb |
In this example, the output indicates that the system is now connected to the net3 network. The earlier scan-wifi output indicated that net3 had the strongest signal among the available networks. The dladm show-wifi command automatically chooses the WiFi network with strongest signal, unless you directly specify a different network.
Access the Internet through the WiFi network.
Do either of the following, depending on the network to which the system is connected:
If the access point offers free service, you can now run a browser or an application of your choice.
If the access point is in a commercial hot spot that requires a fee, follow the instructions provided at the current location. Typically, you run a browser, supply a key, and give credit card information to the network provider.
Conclude the session.
Terminate the WiFi session but leave the system running.
# dladm disconnect-wifi |
Terminate a particular WiFi session when more than one session is currently running.
# dladm disconnect-wifi link |
where link represents the interface that was used for the session.
Cleanly shut down the system while the WiFi session is running.
# shutdown -g0 -i5 |
You do not need to explicitly disconnect the WiFi session prior to turning off the system through the shutdown command.
The following example shows a typical scenario that you might encounter when using a laptop that runs the Solaris Express, Developer Edition 2/07 or later Developer releases in an Internet coffee house.
Learn whether a WiFi link is available.
# dladm show-wifi ath0 type: non-vlan mtu: 1500 device: ath0 |
The ath0 link is installed on the laptop. Configure the ath0 interface, and verify that it is up.
# ifconfig ath0 plumb # ifconfig -a lo0: flags=2001000849<LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 ath0: flags=201000803<BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3 inet 0.0.0.0 netmask ff000000 ether 0:b:6b:4e:8f:18 |
Display the available WiFi links at your location.
# dladm scan-wifi LINK ESSID BSSID/IBSSID SEC STRENGTH MODE SPEED ath0 net1 00:0e:38:49:01:d0 none weak g 54Mb ath0 net2 00:0e:38:49:02:f0 none very weak g 54Mb ath0 net3 00:0d:ed:a5:47:e0 wep very good g 54Mb ath0 citinet 00:40:96:2a:56:b5 none good b 11Mb |
The output indicates that net3 has the best signal. net3 requires a key, for which the provider for the coffee house charges a fee. citinet is a free network provided by the local town.
Connect to the citinet network.
# dladm connect-wifi -e citinet |
The -e option of connect-wifi takes the ESSID of the preferred WiFi network as its argument. The argument in this command is citinet, the ESSID of the free local network. The dladm connect-wifi command offers several options for connecting to the WiFi network. For more information, refer to the dladm(1M) man page.
Configure an IP address for the WiFi interface.
# ifconfig ath0 10.192.16.3/24 up # ifconfig -a lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 e1000g0: flags=201004843<UP,,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 3 inet 129.146.69.34 netmask fffffe00 broadcast 129.146.69.255 ether 0:e:7b:b5:64:a4 ath0: flags=201004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 4 inet 10.192.16.3 netmask ffffff00 broadcast 10.255.255.255 ether 0:b:6b:4e:8f:18 |
This example assumes that you have the static IP address 10.192.16.3/24 configured on your laptop.
# dladm show-wifi LINK STATUS ESSID SEC STRENGTH MODE SPEED ath0 connected citinet none good g 11Mb |
The output indicates that the laptop is now connected to network citinet.
# firefox |
The home page for the Firefox browser displays.
Run a browser or other application to commence your work over the WiFi network.
# dladm disconnect-wifi # dladm show-wifi LINK STATUS ESSID SEC STRENGTH MODE SPEED ath0 disconnected -- -- -- -- -- |
The output of show-wifi verifies that you have disconnected the ath0 link from the WiFi network.
This procedure shows how to monitor the status of a WiFi link through standard networking tools, and change link properties through the linkprop subcommand.
Assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Connect to the WiFi network, as described in How to Connect to a WiFi Network.
View the properties of the link.
Use the following syntax:
# dladm show-linkprop interface |
For example, you would use the following syntax to show the status of the connection established over the ath0 link:
# dladm show-linkprop ath0 PROPERTY VALUE DEFAULT POSSIBLE channel 5 -- -- powermode off off off,fast,max radio ? on on,off speed 36 -- 1,2,5.5,6,9,11,12,18,24,36,48,54 |
Set a fixed speed for the link.
The Solaris OS automatically chooses the optimal speed for the WiFi connection. Modifying the initial speed of the link might cause reduced performance or prevent the establishment of certain WiFi connections.
You can modify the link speed to one of the possible values for speed that is listed in the show-linkprop output.
# dladm set-linkprop -p speed=value link |
Check the packet flow over the link.
# netstat -I ath0 -i 5 input ath0 output input (Total) output packets errs packets errs colls packets errs packets errs colls 317 0 106 0 0 2905 0 571 0 0 14 0 0 0 0 20 0 0 0 0 7 0 0 0 0 16 0 1 0 0 5 0 0 0 0 9 0 0 0 0 304 0 10 0 0 631 0 316 0 0 338 0 9 0 0 722 0 381 0 0 294 0 7 0 0 670 0 371 0 0 306 0 5 0 0 649 0 338 0 0 289 0 5 0 0 597 0 301 0 0 |
This example shows how to set the speed of a link after you have connected to a WiFi network
# dladm show-linkprop -p speed ath0 PROPERTY VALUE DEFAULT POSSIBLE speed 24 -- 1,2,5,6,9,11,12,18,24,36,48,54 # dladm set-linkprop -p speed=36 ath0 # dladm show-linkprop -p speed ath0 PROPERTY VALUE DEFAULT POSSIBLE speed 36 -- 1,2,5,6,9,11,12,18,24,36,48,54 |
Radio wave technology makes WiFi networks readily available and often freely accessible to users in many locations. As a result, connecting to a WiFi network can be an insecure undertaking. However, certain types of WiFi connections are more secure:
Connecting to a private, restricted-access WiFi network
Private networks, such as internal networks established by corporations or universities, restrict access to their networks to users who can provide the correct security challenge. Potential users must supply a key during the connection sequence or log in to the network through a secure VPN.
Encrypting your connection to the WiFi network
You can encrypt communications between your system and a WiFi network by using a secure key. Your access point to the WiFi network must be a router in your home or office with a secure key-generating feature. Your system and the router establish and then share the key before creating the secure connection.
The dladm command can use a Wired Equivalent Privacy (WEP) key for encrypting connections through the access point. The WEP protocol is defined in IEEE 802.11 specifications for wireless connections. For complete details on the WEP-related options of the dladm command, refer to the dladm(1M) man page.
The next procedure shows how to set up secure communications between a system and a router in the home. Many wireless and wired routers for the home have an encryption feature that can generate a secure key. This procedure assumes that you use such a router and have its documentation available. The procedure also assumes that your system is already plugged into the router.
Start the software for configuring the home router.
Refer to the manufacturer's documentation for instructions. Router manufacturers typically offer an internal web site or a graphical user interface for router configuration.
Generate the value for the WEP key.
Follow the manufacturer's instructions for creating a secure key for the router. The router configuration GUI might ask you to supply a passphrase of your choice for the key. The software then uses the passphrase to generate a hexadecimal string, typically 5 bytes or 13 bytes in length. This string becomes the value to be used for the WEP key.
Apply and save the key configuration.
Refer to the manufacturer's documentation for instructions.
Assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Create a secure object that contains the WEP key.
Open a terminal window on the system and type the following:
# dladm create-secobj -c wep keyname |
where keyname represents the name you want to give to the key.
Supply the value for the WEP key to the secure object.
The create-secobj subcommand then runs a script that requests the value for the key.
provide value for keyname: 5 or 13 byte key confirm value for keyname: retype key |
This value is the key that was generated by the router. The script accepts either a five byte or thirteen byte string, in ASCII or in hexadecimal for the key value.
View the contents of the key that you just created.
# dladm show-secobj OBJECT CLASS keyname wep |
where keyname is the name for the secure object.
Make an encrypted connection to the WiFi network.
# dladm connect-wifi -e network -k keyname interface |
Verify that the connection is secure.
# dladm show-wifi LINK STATUS ESSID SEC STRENGTH MODE SPEED ath0 connected net1 wep good g 11Mb |
The wep value under the SEC heading indicates that WEP encryption is in place for the connection.
This example assumes that you have already done the following:
Connected your system to a home router that can create a WEP key
Followed the router manufacturer's documentation and created the WEP key
Saved the key so that you can use it to create the secure object on your system
# dladm create-secobj -c wep mykey provide value for mykey: ***** confirm value for mkey: ***** |
When you supply the WEP key generated that is by the router, asterisks mask the value that you type.
# dladm show-secobj OBJECT CLASS mykey wep # dladm connect-wifi -e citinet -k mykey ath0 |
This command establishes an encrypted connection to the WiFi network citinet, using the secure object mykey.
# dladm show-wifi LINK STATUS ESSID SEC STRENGTH MODE SPEED ath0 connected citinet wep good g 36Mb |
This output verifies that you are connected to citinet through WEP encryption.