WLAN

Wireless LAN (WLAN) is a technology based on the IEEE 802.11 standard that operates at the physical and data link layers of the OSI model which allows the connection of wireless devices. In OSDX, the WLAN configuration is defined by two elements, Controllers and Interfaces. Controllers model the physical related characteristics of the wireless link while interfaces focus on the logical ones.

Regulatory domains 

A regulatory domain defines a set of restrictions applicable to WLAN capable devices. Due to the existing regulations, all OSDX WLAN capable devices are shipped with predefined regulatory domain that cannot be changed through of configuration. The following table shows all the regulatory domains supported by OSDX devices.

Regulatory domain	Default country	Description
`etsi`	`DE`	European Telecommunications Standards Institute
`fcc`	`US`	Federal Communications Commission
`nom`	`MX`	Norma Oficial Mexicana
`row`	`NA`	Rest of the world

Note that, for each domain there is a default country. Use the following table to find out the regulatory domain present in your target country.

Country list:

Country code	Country name	Regulatory domain
`NA`	`NAMIBIA`	`row`
`AF`	`AFGHANISTAN`	`row`
`AL`	`ALBANIA`	`etsi`
`DZ`	`ALGERIA`	`row`
`AS`	`AMERICAN SAMOA`	`row`
`AI`	`ANGUILLA`	`row`
`AR`	`ARGENTINA`	`row`
`AM`	`ARMENIA`	`row`
`AW`	`ARUBA`	`row`
`AU`	`AUSTRALIA`	`row`
`AT`	`AUSTRIA`	`etsi`
`AZ`	`AZERBAIJAN`	`row`
`BS`	`BAHAMAS`	`row`
`BH`	`BAHRAIN`	`row`
`BD`	`BANGLADESH`	`row`
`BB`	`BARBADOS`	`row`
`BY`	`BELARUS`	`row`
`BE`	`BELGIUM`	`etsi`
`BZ`	`BELIZE`	`row`
`BM`	`BERMUDA`	`row`
`BT`	`BHUTAN`	`row`
`BO`	`BOLIVIA`	`row`
`BA`	`BOSNIA AND HERZEGOVINA`	`etsi`
`BR`	`BRAZIL`	`row`
`BN`	`BRUNEI DARUSSALAM`	`row`
`BG`	`BULGARIA`	`etsi`
`BF`	`BURKINA FASO`	`row`
`KH`	`CAMBODIA`	`row`
`CA`	`CANADA`	`row`
`KY`	`CAYMAN ISLANDS`	`row`
`CF`	`CENTRAL AFRICAN REPUBLIC`	`row`
`TD`	`CHAD`	`row`
`CL`	`CHILE`	`row`
`CN`	`CHINA`	`row`
`CX`	`CHRISTMAS ISLAND`	`row`
`CO`	`COLOMBIA`	`row`
`CR`	`COSTA RICA`	`row`
`HR`	`CROATIA`	`etsi`
`CY`	`CYPRUS`	`etsi`
`CZ`	`CZECHIA`	`etsi`
`DK`	`DENMARK`	`etsi`
`DM`	`DOMINICA`	`row`
`DO`	`DOMINICAN REPUBLIC`	`row`
`EC`	`ECUADOR`	`row`
`EG`	`EGYPT`	`row`
`SV`	`EL SALVADOR`	`row`
`EE`	`ESTONIA`	`etsi`
`ET`	`ETHIOPIA`	`row`
`FI`	`FINLAND`	`etsi`
`FR`	`FRANCE`	`etsi`
`GF`	`FRENCH GUIANA`	`row`
`PF`	`FRENCH POLYNESIA`	`row`
`GE`	`GEORGIA`	`row`
`DE`	`GERMANY`	`etsi`
`GH`	`GHANA`	`row`
`GI`	`GIBRALTAR`	`etsi`
`GR`	`GREECE`	`etsi`
`GL`	`GREENLAND`	`row`
`GD`	`GRENADA`	`row`
`GP`	`GUADELOUPE`	`row`
`GU`	`GUAM`	`row`
`GT`	`GUATEMALA`	`row`
`GY`	`GUYANA`	`row`
`HT`	`HAITI`	`row`
`HN`	`HONDURAS`	`row`
`HK`	`HONG KONG`	`row`
`HU`	`HUNGARY`	`etsi`
`IS`	`ICELAND`	`etsi`
`IN`	`INDIA`	`row`
`ID`	`INDONESIA`	`row`
`IQ`	`IRAQ`	`row`
`IE`	`IRELAND`	`etsi`
`IL`	`ISRAEL`	`row`
`IT`	`ITALY`	`etsi`
`CI`	`COTE D'IVOIRE`	`row`
`JM`	`JAMAICA`	`row`
`JP`	`JAPAN`	`row`
`JO`	`JORDAN`	`row`
`KZ`	`KAZAKHSTAN`	`row`
`KE`	`KENYA`	`row`
`KR`	`REPUBLIC OF KOREA`	`row`
`KW`	`KUWAIT`	`row`
`LV`	`LATVIA`	`etsi`
`LB`	`LEBANON`	`row`
`LS`	`LESOTHO`	`row`
`LI`	`LIECHTENSTEIN`	`etsi`
`LT`	`LITHUANIA`	`etsi`
`LU`	`LUXEMBOURG`	`etsi`
`MO`	`MACAU`	`row`
`MK`	`NORTH MACEDONIA`	`etsi`
`MW`	`MALAWI`	`row`
`MY`	`MALAYSIA`	`row`
`MV`	`MALDIVES`	`row`
`MT`	`MALTA`	`etsi`
`MH`	`MARSHALL ISLANDS`	`row`
`MQ`	`MARTINIQUE`	`row`
`MR`	`MAURITANIA`	`row`
`MU`	`MAURITIUS`	`row`
`YT`	`MAYOTTE`	`row`
`MX`	`MEXICO`	`nom`
`FM`	`FEDERATED STATES OF MICRONESIA`	`row`
`MD`	`REPUBLIC OF MOLDOVA`	`etsi`
`MC`	`MONACO`	`etsi`
`MN`	`MONGOLIA`	`row`
`ME`	`MONTENEGRO`	`etsi`
`MA`	`MOROCCO`	`row`
`NP`	`NEPAL`	`row`
`NL`	`NETHERLANDS`	`etsi`
`NZ`	`NEW ZEALAND`	`row`
`NI`	`NICARAGUA`	`row`
`NG`	`NIGERIA`	`row`
`NO`	`NORWAY`	`etsi`
`MP`	`NORTHERN MARIANA ISLANDS`	`row`
`OM`	`OMAN`	`row`
`PK`	`PAKISTAN`	`row`
`PW`	`PALAU`	`row`
`PA`	`PANAMA`	`row`
`PG`	`PAPUA NEW GUINEA`	`row`
`PY`	`PARAGUAY`	`row`
`PE`	`PERU`	`row`
`PH`	`PHILIPPINES`	`row`
`PL`	`POLAND`	`etsi`
`PT`	`PORTUGAL`	`etsi`
`PR`	`PUERTO RICO`	`row`
`QA`	`QATAR`	`row`
`RE`	`REUNION`	`row`
`RO`	`ROMANIA`	`etsi`
`RU`	`RUSSIA FEDERATION`	`row`
`RW`	`RWANDA`	`row`
`BL`	`SAINT BARTHELEMY`	`row`
`KN`	`SAINT KITTS AND NEVIS`	`row`
`LC`	`SAINT LUCIA`	`row`
`MF`	`SAINT MARTIN`	`row`
`PM`	`SAINT PIERRE AND MIQUELON`	`row`
`VC`	`SAINT VINCENT AND THE GRENADINES`	`row`
`WS`	`SAMOA`	`row`
`SA`	`SAUDI ARABIA`	`row`
`SN`	`SENEGAL`	`row`
`RS`	`SERBIA`	`etsi`
`SG`	`SINGAPORE`	`row`
`SK`	`SLOVAKIA`	`etsi`
`SI`	`SLOVENIA`	`etsi`
`ZA`	`SOUTH AFRICA`	`row`
`ES`	`SPAIN`	`etsi`
`LK`	`SRI LANKA`	`row`
`SR`	`SURINAME`	`row`
`SE`	`SWEDEN`	`etsi`
`CH`	`SWITZERLAND`	`etsi`
`TW`	`TAIWAN`	`row`
`TZ`	`TANZANIA`	`row`
`TG`	`TOGO`	`row`
`TH`	`THAILAND`	`row`
`TT`	`TRINIDAD AND TOBAGO`	`row`
`TN`	`TUNISIA`	`row`
`TR`	`TURKEY`	`etsi`
`TC`	`TURKS AND CAICOS`	`row`
`UG`	`UGANDA`	`row`
`UA`	`UKRAINE`	`row`
`AE`	`UNITED ARAB EMIRATES`	`row`
`GB`	`UNITED KINGDOM`	`etsi`
`US`	`UNITED STATES`	`row`
`UY`	`URUGUAY`	`row`
`UZ`	`UZBEKISTAN`	`row`
`VU`	`VANUATU`	`row`
`VE`	`VENEZUELA`	`row`
`VN`	`VIETNAM`	`row`
`VI`	`VIRGIN ISLANDS`	`row`
`WF`	`WALLIS AND FUTUNA`	`row`
`YE`	`YEMEN`	`row`
`ZW`	`ZIMBABWE`	`row`

Controllers 

Physical-related parameters and common interface ones are configured by mean of the WLAN controllers. All WLAN controllers are pre-allocated during boot-up, meaning the creation and deletion actions are not supported. Depending on the characteristics of the associated radio module, some parameters will only accept a specific set values. OSDX provides a command that lists all the relevant information from the CLI.

admin@Kaio$ controllers wlan show capabilities

Phy: wifi0
        modes: 802.11ax,802.11g,802.11n
        stations: 512
        bandwidths: 20MHz,40MHz
        bands: 2.4GHz
        tx-power: 11,10,13,12,15,14,17,16,19,18,5,8,7,6,9,20
        vht-capabilities: [SU-BEAMFORMEE][RXLDPC][BF-ANTENNA-4][TX-STBC-2BY1][MU-BEAMFORMER][SOUNDING-DIMENSION-4][SU-BEAMFORMER][MAX-MPDU-11454][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][RX-STBC-1][MAX-A-MPDU-LEN-EXP7]
        supported-channels: 11,10,13,12,14,1,3,2,5,4,7,6,9,8
        vaps: 16
        spatial-streams: 1,3,2,4
        ht-capabilities: [DSSS_CCK-40][LDPC][TX-STBC][MAX-AMSDU-7935][RX-STBC1][SMPS-DYNAMIC]
        max-tx-power: 20

Phy: wifi1
        modes: 802.11a,802.11ax,802.11ac,802.11n
        stations: 512
        bandwidths: 20MHz,80MHz,40MHz
        bands: 5GHz
        tx-power: 11,10,13,12,15,14,17,16,19,18,22,21,5,8,7,6,9,20,23
        vht-capabilities: [SU-BEAMFORMEE][RXLDPC][TX-STBC-2BY1][MU-BEAMFORMER][SOUNDING-DIMENSION-4][SU-BEAMFORMER][MAX-MPDU-11454][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][RX-STBC-1][MAX-A-MPDU-LEN-EXP7]
        supported-channels: 153,157,60,132,116,64,136,112,177,173,48,44,40,144,140,149,120,108,124,169,128,165,100,161,104,56,36,52
        vaps: 16
        spatial-streams: 1,3,2,4
        ht-capabilities: [DSSS_CCK-40][LDPC][TX-STBC][MAX-AMSDU-7935][RX-STBC1][SMPS-DYNAMIC]
        max-tx-power: 23

Default values may apply if a parameter is not configured.

Warning

Note that, regardless of the default values, at least one controller parameter must be set to consider the configuration valid.

Wlan Channels 

Channel selection depends on several factors: regulatory domain, band and bandwidth. The following tables can be used to know which channels will be available on the selected band. Note that depending on the configured bandwidth, some channels will not be available since some of the frequencies could fall out of the spectrum.

2.4GHz band
Frequency	Channel	Regulatory Domains
2412	1	`etsi` `fcc` `nom` `row`
2417	2	`etsi` `fcc` `nom` `row`
2422	3	`etsi` `fcc` `nom` `row`
2427	4	`etsi` `fcc` `nom` `row`
2432	5	`etsi` `fcc` `nom` `row`
2437	6	`etsi` `fcc` `nom` `row`
2442	7	`etsi` `fcc` `nom` `row`
2447	8	`etsi` `fcc` `nom` `row`
2452	9	`etsi` `fcc` `nom` `row`
2457	10	`etsi` `fcc` `nom` `row`
2462	11	`etsi` `fcc` `nom` `row`
2467	12	`etsi` `nom` `row`
2472	13	`etsi` `nom` `row`
2484	14	`row`

5GHz band
Frequency	Channel	Installation	CAC	Regulatory domains
5180	36	indoor (`etsi`)		`etsi` `fcc` `nom` `row`
5200	40	indoor (`etsi`)		`etsi` `fcc` `nom` `row`
5220	44	indoor (`etsi`)		`etsi` `fcc` `nom` `row`
5240	48	indoor (`etsi`)		`etsi` `fcc` `nom` `row`
5260	52	indoor (`etsi`)	1 min	`etsi` `fcc` `nom` `row`
5280	56	indoor (`etsi`)	1 min	`etsi` `fcc` `nom` `row`
5300	60	indoor (`etsi`)	1 min	`etsi` `fcc` `nom` `row`
5320	64	indoor (`etsi`)	1 min	`etsi` `fcc` `nom` `row`
5500	100	indoor/outdoor (`etsi`)	1 min	`etsi` `fcc` `nom` `row`
5520	104	indoor/outdoor (`etsi`)	1 min	`etsi` `fcc` `nom` `row`
5540	108	indoor/outdoor (`etsi`)	1 min	`etsi` `fcc` `nom` `row`
5560	112	indoor/outdoor (`etsi`)	1 min	`etsi` `fcc` `nom` `row`
5580	116	indoor/outdoor (`etsi`)	1 min	`etsi` `fcc` `nom` `row`
5600	120	indoor/outdoor (`etsi`)	10 mins	`etsi` `fcc` `row`
5620	124	indoor/outdoor (`etsi`)	10 mins	`etsi` `fcc` `row`
5640	128	indoor/outdoor (`etsi`)	10 mins	`etsi` `fcc` `row`
5660	132	indoor/outdoor (`etsi`)	1 min	`etsi` `fcc` `nom` `row`
5680	136	indoor/outdoor (`etsi`)	1 min	`etsi` `fcc` `nom` `row`
5700	140	indoor/outdoor (`etsi`)	1 min	`etsi` `fcc` `nom` `row`
5720	144		1 min	`fcc` `nom` `row`
5745	149		1 min	`fcc` `nom` `row`
5765	153		1 min	`fcc` `nom` `row`
5785	157		1 min	`fcc` `nom` `row`
5805	161		1 min	`fcc` `nom` `row`
5825	165		1 min	`fcc` `nom` `row`

Interfaces 

Network-specific parameters are configured under the interface wlan section, with phy and type being mandatory. The maximum number of interfaces allowed depends on the platform and can be checked using the show capabilities command described in the Controllers section.

Router capable devices, like the Teldat M2 and M10 models have pre-allocated WLAN interfaces that only accept a specific phy and type when configured:

Interface	Phy	Type
`wlan0`	`wifi0`	`station`
`wlan1`	`wifi0`	`access-point`
`wlan2`	`wifi0`	`access-point`
`wlan3`	`wifi1`	`station`
`wlan4`	`wifi1`	`access-point`
`wlan5`	`wifi1`	`access-point`

There are two types of WLAN interfaces supported by all wireless capable devices: access-point and station. An additional mode, called monitor, is also supported by the APs. These three types are described in the following sections.

Once the device has at least one interface configured on top of a controller, the status of the device can be check using the show status command.

admin@osdx# run controllers wlan show status

Phy: wifi0
        Status: up
        Band: 2.4GHz
        Channel: 13
        Bandwidth: 20MHz
        Tx-Power: 15dBm

Phy: wifi1
        Status: cac (13 seconds remaining)

Access-point 

This type implements the infrastructure mode where wireless devices connect to an access-point that forwards the packets between the connected stations and the wired network. Note that the access-point is the center point for all communications (unlike what happens with the ad-hoc mode, where connections between stations are point-to-point).

Security

All OSDX WLAN capable devices support the following security modes for the access-point role:

mode	akms	security framework	unicast ciphers	pmf
none
WPA personal	`psk`	`wpav1`	`tkip` `aes-ccmp`
WPA2 personal	`psk` `ft-psk`	`rsn`	`tkip` `aes-ccmp`
WPA/WPA2 personal	`psk` `ft-psk`	`wpav1` `rsn`	`tkip` `aes-ccmp`
WPA3 personal	`psk-256` `sae` `ft-sae` `owe`	`rsn`	`aes-ccmp` `aes-ccmp-256` `aes-gcmp` `aes-gcmp-256`	pmf required
WPA2/WPA3 personal	`psk` `psk-256` `ft-psk` `sae` `ft-sae` `owe-transition`	`rsn`	`aes-ccmp` `aes-ccmp-256` `aes-gcmp` `aes-gcmp-256`	pmf optional / pmf required (`owe-transition`)
WPA enterprise	`dot1x`	`wpav1`	`tkip` `aes-ccmp`
WPA2 enterprise	`dot1x` `ft-dot1x`	`rsn`	`tkip` `aes-ccmp`
WPA/WPA2 enterprise	`dot1x` `ft-dot1x`	`wpav1` `rsn`	`tkip` `aes-ccmp`
WPA3 enterprise	`dot1x-256` `cnsa`	`rsn`	`aes-ccmp` `aes-ccmp-256` `aes-gcmp` `aes-gcmp-256` (`cnsa`)	pmf required
WPA2/WPA3 enterprise	`dot1x` `dot1x-256` `ft-dot1x`	`rsn`	`aes-ccmp` `aes-ccmp-256` `aes-gcmp` `aes-gcmp-256`	pmf optional

Note that some security modes may call for additional parameters to be configured. On such cases, the CLI will report an error message to inform the user about the problem.

For example, the following lines show how to configure an access-point interface in WPA3 personal mode:

set interfaces wlan wlan0 bridge-group bridge br0
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type access-point security akm sae
set interfaces wlan wlan0 type access-point security psk-passphrase 1234567890
set interfaces wlan wlan0 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan0 type access-point security pmf required
set interfaces wlan wlan0 type access-point ssid test_network

Note that the security framework is automatically configured based on the values set under akm, pairwise-ciphers and wpav1 pairwise-ciphers.

Station 

This type implements the station or client mode where the interface connects to an access point operating in infrastructure mode to provide connectivity through the air.

Client mode is configured via networks. A network is just a set of rules that is evaluated when looking for a valid target so the first valid one with the highest priority is used. The network priority is identified by mean of the index and is evaluated in descending order (1 being the highest priority and 16 the lowest). This configuration method gives the administrator a lot of flexibility when working in complex deployments allowing the interface to connect to different networks based on many conditions.

Warning

Note that only 1 interface in station mode per radio is supported in OSDX.

The security configuration is almost the same as the one described under the Access-point section. The only difference is that the owe-transition mode is not allowed, since it doesn’t make sense in station mode. For example, the following excerpt shows how to configure an interface in station mode using WPA3 personal security:

set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type station network 1 security akm sae
set interfaces wlan wlan0 type station network 1 security pmf required
set interfaces wlan wlan0 type station network 1 security psk-passphrase 1234567890
set interfaces wlan wlan0 type station network 1 ssid test_24ghz

Eap methods MSCHAPv2, TTL, TTLS (with MD5, MSCHAPv2 and TTL) and PEAP (with MD5 with MSCHAPv2) are also supported. On the next example, a station will try to connect to a network with WPA3 Enterprise security using the TTLS-TTL EAP method (that is, a TTL tunnel with certificates). Make sure the device has the ca.pem, client.pem and client.key certificates in the /config/auth/certificates folder.

set interfaces wlan wlan0 phy wifi0
set interfaces wlan wlan0 type station network 1 security akm cnsa
set interfaces wlan wlan0 type station network 1 security ca-certificate 'running://auth/certificates/ca.pem'
set interfaces wlan wlan0 type station network 1 security client-certificate 'running://auth/certificates/client.pem'
set interfaces wlan wlan0 type station network 1 security client-private-key 'running://auth/certificates/client.key'
set interfaces wlan wlan0 type station network 1 security client-private-password whatever
set interfaces wlan wlan0 type station network 1 security eap-method ttls inner-method tls
set interfaces wlan wlan0 type station network 1 security framework rsn
set interfaces wlan wlan0 type station network 1 security identity user
set interfaces wlan wlan0 type station network 1 security pmf required
set interfaces wlan wlan0 type station network 1 ssid test_radius

Monitor 

In monitor mode, the interface is able to capture the traffic on the configured channel without being connected to the target network.

Warning

Monitor mode is only supported by the APs. Only 1 interface in monitor mode per radio is supported in OSDX.

For example, the following configuration shows how to set an AP to capture the traffic on channel 36 of the 5GHz band.

set controllers wlan installation indoor
set controllers wlan radios wifi1 channel 36
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type monitor

The traffic can be later analyzed with the traffic dump tool with the wlan0 interface as filter.

admin@osdx$ traffic dump monitor interface wlan0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 262144 bytes
03:33:52.448859 8198636505us tsft bad-fcs 12.0 Mb/s 5180 MHz 11a -98dBm signal 0dBm noise antenna 0 unknown 802.11 ctrl frame subtype (5)
03:33:52.466432 8198654122us tsft 6.0 Mb/s 5180 MHz 11a -98dBm signal 0dBm noise antenna 0 Beacon (SSID) [6.0* 9.0 12.0* 18.0 24.0* 36.0 48.0 54.0 Mbit] ESS CH: 36, PRIVACY
03:33:52.467060 8198654767us tsft 6.0 Mb/s 5180 MHz 11a -99dBm signal 0dBm noise antenna 0 Beacon () [6.0* 9.0 12.0* 18.0 24.0* 36.0 48.0 54.0 Mbit] ESS CH: 36, PRIVACY
03:33:52.568841 8198756521us tsft 6.0 Mb/s 5180 MHz 11a -99dBm signal 0dBm noise antenna 0 Beacon (SSID) [6.0* 9.0 12.0* 18.0 24.0* 36.0 48.0 54.0 Mbit] ESS CH: 36, PRIVACY
03:33:52.569468 8198757166us tsft 6.0 Mb/s 5180 MHz 11a -100dBm signal 0dBm noise antenna 0 Beacon () [6.0* 9.0 12.0* 18.0 24.0* 36.0 48.0 54.0 Mbit] ESS CH: 36, PRIVACY
03:33:52.569742 8198757433us tsft 6.0 Mb/s 5180 MHz 11a -99dBm signal 0dBm noise antenna 0 Data IV:ed72 Pad 20 KeyID 1

WLAN

Regulatory domains 

Controllers 

Wlan Channels 

Interfaces 

Access-point 

Station 

Monitor 

Examples 

Command Summary 

Configuration commands 

Operational commands 