====
WLAN
====

.. sidebar:: Contents

   .. contents::
      :depth: 3
      :local:

Wireless LAN (WLAN) is a technology based on the IEEE 802.11 standard that operates at the physical and data link layers of the OSI model and allows the connection of wireless devices.

In OSDX, the WLAN configuration is defined by two elements, `Controllers`_ and `Interfaces`_. Controllers model the physical characteristics of the wireless link, while interfaces focus on the logical ones.

Regulatory domains
==================

A regulatory domain defines a set of restrictions applicable to WLAN-capable devices. Due to the existing regulations, all OSDX WLAN-capable devices are shipped with a predefined regulatory domain that **cannot be changed through configuration**.

The following table shows all the regulatory domains supported by OSDX devices.

.. csv-table::
   :align: left
   :header: Regulatory domain,Default country,Description

   ``etsi``, ``ES``, European Telecommunications Standards Institute
   ``fcc``, ``US``, Federal Communications Commission
   ``nom``, ``MX``, Norma Oficial Mexicana
   ``row``, ``IL``, Rest of the world

Use the following table to find out which regulatory domain applies to your target country.

.. dropdown:: **Country list**:

   .. csv-table::
      :align: left
      :header: Country code,Country name,Regulatory domain

      ``NA``, Namibia, ``row``
      ``AF``, Afghanistan, ``row``
      ``AL``, Albania, ``etsi``
      ``DZ``, Algeria, ``row``
      ``AS``, American Samoa, ``row``
      ``AD``, Andorra, ``etsi``
      ``AI``, Anguilla, ``row``
      ``AR``, Argentina, ``row``
      ``AM``, Armenia, ``row``
      ``AW``, Aruba, ``row``
      ``AU``, Australia, ``row``
      ``AT``, Austria, ``etsi``
      ``AZ``, Azerbaijan, ``row``
      ``BS``, Bahamas, ``row``
      ``BH``, Bahrain, ``row``
      ``BD``, Bangladesh, ``row``
      ``BB``, Barbados, ``row``
      ``BY``, Belarus, ``row``
      ``BE``, Belgium, ``etsi``
      ``BZ``, Belize, ``row``
      ``BM``, Bermuda, ``row``
      ``BT``, Bhutan, ``row``
      ``BO``, Bolivia, ``row``
      ``BA``, Bosnia and Herzegovina, ``etsi``
      ``BR``, Brazil, ``row``
      ``BN``, Brunei Darussalam, ``row``
      ``BG``, Bulgaria, ``etsi``
      ``BF``, Burkina Faso, ``row``
      ``KH``, Cambodia, ``row``
      ``CA``, Canada, ``row``
      ``KY``, Cayman Islands, ``row``
      ``CF``, Central African Republic, ``row``
      ``TD``, Chad, ``row``
      ``CL``, Chile, ``row``
      ``CN``, China, ``row``
      ``CX``, Christmas Island, ``row``
      ``CO``, Colombia, ``row``
      ``CR``, Costa Rica, ``row``
      ``HR``, Croatia, ``etsi``
      ``CY``, Cyprus, ``etsi``
      ``CZ``, Czechia, ``etsi``
      ``DK``, Denmark, ``etsi``
      ``DM``, Dominica, ``row``
      ``DO``, Dominican Republic, ``row``
      ``EC``, Ecuador, ``row``
      ``EG``, Egypt, ``row``
      ``SV``, El Salvador, ``row``
      ``EE``, Estonia, ``etsi``
      ``ET``, Ethiopia, ``row``
      ``FI``, Finland, ``etsi``
      ``FR``, France, ``etsi``
      ``GF``, French Guiana, ``row``
      ``PF``, French Polynesia, ``row``
      ``GE``, Georgia, ``row``
      ``DE``, Germany, ``etsi``
      ``GH``, Ghana, ``row``
      ``GR``, Greece, ``etsi``
      ``GL``, Greenland, ``row``
      ``GD``, Grenada, ``row``
      ``GP``, Guadeloupe, ``row``
      ``GU``, Guam, ``row``
      ``GT``, Guatemala, ``row``
      ``GY``, Guyana, ``row``
      ``HT``, Haiti, ``row``
      ``HN``, Honduras, ``row``
      ``HK``, Hong Kong, ``row``
      ``HU``, Hungary, ``etsi``
      ``IS``, Iceland, ``etsi``
      ``IN``, India, ``row``
      ``ID``, Indonesia, ``row``
      ``IQ``, Iraq, ``row``
      ``IE``, Ireland, ``etsi``
      ``IL``, Israel, ``row``
      ``IT``, Italy, ``etsi``
      ``CI``, Cote D'Ivoire, ``row``
      ``JM``, Jamaica, ``row``
      ``JP``, Japan, ``row``
      ``JO``, Jordan, ``row``
      ``KZ``, Kazakhstan, ``row``
      ``KE``, Kenya, ``row``
      ``KR``, Republic of Korea, ``row``
      ``KW``, Kuwait, ``row``
      ``LV``, Latvia, ``etsi``
      ``LB``, Lebanon, ``row``
      ``LS``, Lesotho, ``row``
      ``LI``, Liechtenstein, ``etsi``
      ``LT``, Lithuania, ``etsi``
      ``LU``, Luxembourg, ``etsi``
      ``MO``, Macau, ``row``
      ``MK``, North Macedonia, ``etsi``
      ``MW``, Malawi, ``row``
      ``MY``, Malaysia, ``row``
      ``MV``, Maldives, ``row``
      ``MT``, Malta, ``etsi``
      ``MH``, Marshall Islands, ``row``
      ``MQ``, Martinique, ``row``
      ``MR``, Mauritania, ``row``
      ``MU``, Mauritius, ``row``
      ``YT``, Mayotte, ``row``
      ``MX``, Mexico, ``nom``
      ``FM``, Federated States of Micronesia, ``row``
      ``MD``, Republic of Moldova, ``etsi``
      ``MC``, Monaco, ``etsi``
      ``MN``, Mongolia, ``row``
      ``ME``, Montenegro, ``etsi``
      ``MA``, Morocco, ``row``
      ``NP``, Nepal, ``row``
      ``NL``, Netherlands, ``etsi``
      ``NZ``, New Zealand, ``row``
      ``NI``, Nicaragua, ``row``
      ``NG``, Nigeria, ``row``
      ``NO``, Norway, ``etsi``
      ``MP``, Northern Mariana Islands, ``row``
      ``OM``, Oman, ``row``
      ``PK``, Pakistan, ``row``
      ``PW``, Palau, ``row``
      ``PA``, Panama, ``row``
      ``PG``, Papua New Guinea, ``row``
      ``PY``, Paraguay, ``row``
      ``PE``, Peru, ``row``
      ``PH``, Philippines, ``row``
      ``PL``, Poland, ``etsi``
      ``PT``, Portugal, ``etsi``
      ``PR``, Puerto Rico, ``row``
      ``QA``, Qatar, ``row``
      ``RE``, Reunion, ``row``
      ``RO``, Romania, ``etsi``
      ``RU``, Russian Federation, ``row``
      ``RW``, Rwanda, ``row``
      ``BL``, Saint Barthelemy, ``row``
      ``KN``, Saint Kitts and Nevis, ``row``
      ``LC``, Saint Lucia, ``row``
      ``MF``, Saint Martin, ``row``
      ``PM``, Saint Pierre and Miquelon, ``row``
      ``VC``, Saint Vincent and the Grenadines, ``row``
      ``WS``, Samoa, ``row``
      ``SA``, Saudi Arabia, ``row``
      ``SN``, Senegal, ``row``
      ``RS``, Serbia, ``etsi``
      ``SG``, Singapore, ``row``
      ``SK``, Slovakia, ``etsi``
      ``SI``, Slovenia, ``etsi``
      ``ZA``, South Africa, ``row``
      ``ES``, Spain, ``etsi``
      ``LK``, Sri Lanka, ``row``
      ``SR``, Suriname, ``row``
      ``SE``, Sweden, ``etsi``
      ``CH``, Switzerland, ``etsi``
      ``TW``, Taiwan, ``row``
      ``TZ``, Tanzania, ``row``
      ``TG``, Togo, ``row``
      ``TH``, Thailand, ``row``
      ``TT``, Trinidad and Tobago, ``row``
      ``TN``, Tunisia, ``row``
      ``TR``, Turkey, ``etsi``
      ``TC``, Turks and Caicos, ``row``
      ``UG``, Uganda, ``row``
      ``UA``, Ukraine, ``row``
      ``AE``, United Arab Emirates, ``row``
      ``GB``, United Kingdom, ``etsi``
      ``US``, United States of America, ``fcc``
      ``UY``, Uruguay, ``row``
      ``UZ``, Uzbekistan, ``row``
      ``VU``, Vanuatu, ``row``
      ``VE``, Venezuela, ``row``
      ``VN``, Vietnam, ``row``
      ``VI``, Virgin Islands, ``row``
      ``WF``, Wallis and Futuna, ``row``
      ``YE``, Yemen, ``row``
      ``ZW``, Zimbabwe, ``row``

All information about the device regulatory domain can be obtained by means of the following *CLI* command:

.. code-block:: none

   admin@osdx$ controllers wlan show regdomain
   Regulatory Domain: etsi (European Telecommunications Standards Institute)
   Allowed countries: AD,AL,AT,BA,BE,BG,CH,CY,CZ,DE,DK,EE,ES,FI,FR,GB,GR,HR,HU,IE,IS,IT,LI,LT,LU,LV,MC,MD,ME,MK,MT,NL,NO,PL,PT,RO,RS,SE,SI,SK,TR
   Default country: ES (Spain)
   --------------------------------------------------------------------------------------------------------
   Freq. range         Channels per bandwidth                                    Max. EIRP   Flags
   --------------------------------------------------------------------------------------------------------
   2402MHz - 2482MHz   20MHz: 1,2,3,4,5,6,7,8,9,10,11,12,13                      20dBm       -
                       40MHz: 1,2,3,4,5,6,7,8,9,10,11,12,13
   5170MHz - 5250MHz   20MHz: 36,40,44,48                                        23dBm       indoor
                       40MHz: 36,40,44,48
                       80MHz: 36,40,44,48
   5250MHz - 5330MHz   20MHz: 52,56,60,64                                        23dBm       dfs,indoor
                       40MHz: 52,56,60,64
                       80MHz: 52,56,60,64
   5490MHz - 5730MHz   20MHz: 100,104,108,112,116,120,124,128,132,136,140,144    30dBm       dfs,indoor/outdoor
                       40MHz: 100,104,108,112,116,120,124,128,132,136,140,144
                       80MHz: 100,104,108,112,116,120,124,128,132,136,140,144
   5735MHz - 5875MHz   20MHz: 149,153,157,161,165,169,173                        14dBm       indoor/outdoor
                       40MHz: 149,153,157,161,165,169
                       80MHz: 149,153,157,161

Since the *ROW* domain groups countries with different regulations, it is possible to filter the results by *country* to see what is relevant in a specific area.

Controllers
===========

Physical-related parameters and common *interface* ones are configured by means of the WLAN *controllers*. All WLAN controllers are pre-allocated during boot-up, meaning the *creation* and *deletion* actions are not supported.

Depending on the characteristics of the associated radio module, some parameters will only accept a specific set of values. OSDX provides a command that lists all the relevant information from the *CLI*.

.. code-block:: none

   admin@osdx$ controllers wlan show capabilities
   Radio: wifi0
   Type: physical
   Phy: phy0
   Bands: 5GHz
   Bandwidths: 20MHz,40MHz,80MHz
   Modes: 802.11a,802.11n,802.11ac,802.11ax
   Supported channels: 36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,136,140,144,149,153,157,161,165
   Spatial streams: 2
   Max. TX power: 16dBm (39.8mW)
   Max. stations: 64
   Max. interfaces: 3
   HT capabilities: SMPS-DYNAMIC,GF,TX-STBC,DSSS_CCK-40,LSIG-TXOP-PROT
   VHT capabilities: MAX-MPDU-11454,RXLDPC,TX-STBC-2BY1,RX-STBC-123,SU-BEAMFORMER,SU-BEAMFORMEE,SOUNDING-DIMENSION-2,MAX-A-MPDU-LEN-EXP7

   Radio: wifi1
   Type: virtual
   Base radio: wifi0
   Bands: 2.4GHz
   Bandwidths: 20MHz,40MHz
   Modes: 802.11g,802.11n,802.11ax
   Supported channels: 1,2,3,4,5,6,7,8,9,10,11,12,13,14
   HT capabilities: SMPS-DYNAMIC,GF,TX-STBC,DSSS_CCK-40,LSIG-TXOP-PROT
   VHT capabilities: MAX-MPDU-3895

A *radio* interface can be either *virtual* or *physical*. This provides a unified configuration interface in devices with a single phy, sharing the same limitations (like the number of *interfaces* or *stations*) between all WLAN interfaces.

Auto-channel selection
----------------------

OSDX devices implement an automatic mechanism for selecting the best channel in a WLAN environment. The main purpose of this procedure is to avoid using channels with heavy utilization or interference that may degrade the overall performance.

In order to select the best channel, the device must perform 5 scans in the configured band to gather enough survey data to make the decision. Then, an *interference factor* is built for each channel, which is later used to find the channel with the lowest value:

.. math::

   interference factor = 10^{(nf/2)} + \frac{time_{busy}}{({time_{active}-time_{rx}})} + 2^{(10^{(nf/10)}-10^{(nf_{min}/10)})}

Where:

* *noise floor* or *nf* is the sum of all the noise sources of the channel.
* *minimum noise floor* is the smallest noise floor observed during all measurements.
* *busy time* is the time unable to transmit because the channel was busy (used by another device).
* *active time* is the time spent on the channel during the scan.
* *tx time* is the time spent transmitting data.
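
The selection described above, as an added example (not OSDX code): it applies the formula exactly as printed, with the subtracted term named ``rx`` after the formula's subscript, and picks the channel with the lowest factor. The survey values are constructed, noise floors are assumed to be in dBm, and averaging the per-scan factors of a channel is an assumption, since the page does not say how the scans are combined.

```python
from statistics import mean

def interference_factor(nf, nf_min, busy, active, rx):
    """Formula as printed on the page. nf values assumed in dBm, times in ms."""
    return (10 ** (nf / 2)
            + busy / (active - rx)
            + 2 ** (10 ** (nf / 10) - 10 ** (nf_min / 10)))

def pick_channel(survey):
    """survey maps channel -> list of (nf, busy, active, rx) scan samples.
    Returns (channel with the lowest factor, {channel: factor})."""
    nf_min = min(s[0] for samples in survey.values() for s in samples)
    factors = {}
    for channel, samples in survey.items():
        # active == rx would divide by zero; such a scan carries no usable data.
        usable = [s for s in samples if s[2] - s[3] > 0]
        if usable:
            # Assumption: the per-scan factors of a channel are averaged.
            factors[channel] = mean(
                interference_factor(nf, nf_min, b, a, r) for nf, b, a, r in usable)
    if not factors:
        raise ValueError("no usable survey data")
    return min(factors, key=factors.get), factors

# Constructed survey: 5 scans per channel, (nf dBm, busy ms, active ms, rx ms).
SURVEY = {
    36: [(-92, 120, 210, 10)] * 5,                      # heavily used
    40: [(-95, 20, 210, 10)] * 5,                       # quiet
    44: [(-95, 50, 210, 10)] * 4 + [(-95, 0, 50, 50)],  # one unusable scan
}

if __name__ == "__main__":
    best, factors = pick_channel(SURVEY)
    for channel, value in sorted(factors.items()):
        print(f"channel {channel}: {value:.3f}")
    print("selected:", best)
```

With noise floors in dBm the first term is vanishingly small and the third stays very close to 1, so in this sample the busy-time ratio decides the ranking.
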

Note that the coefficient of 2 reflects the way radiation decreases as the square of the distance from the antenna.

Interfaces
==========

Network-specific parameters are configured under the ``interface wlan`` section, with ``phy`` and ``type`` being mandatory. The maximum number of interfaces allowed depends on the platform and can be checked using the ``show capabilities`` command described in the `Controllers`_ section.

.. warning::

   Some restrictions apply to devices that use the ``nxp`` wireless driver. In such cases, WLAN interfaces are pre-allocated, allowing only a specific ``phy`` and ``type`` when configured.

   .. csv-table::
      :align: left
      :header: Interface,Phy,Band,Type

      ``wlan0``, ``wifi0``, ``5GHz``, ``station``
      ``wlan1``, ``wifi0``, ``5GHz``, ``access-point``
      ``wlan2``, ``wifi0``, ``5GHz``, ``access-point``
      ``wlan3``, ``wifi1``, ``2.4GHz``, ``station``
      ``wlan4``, ``wifi1``, ``2.4GHz``, ``access-point``
      ``wlan5``, ``wifi1``, ``2.4GHz``, ``access-point``

There are two ``types`` of WLAN interfaces supported by all wireless-capable devices: `access-point`_ and `station`_. These two types are described in the following sections.

.. image:: interfaces.svg
   :alt: Interfaces and controllers
   :align: center

Once the device has at least one *interface* configured on top of a *controller*, the ``status`` of the device can be checked using the ``show status`` command.

.. code-block:: none

   admin@osdx# run controllers wlan show status
   Radio: wifi0
   MAC Address: xx:xx:xx:xx:xx:xx
   Status: up
   Band: 5GHz
   Channel: 36
   Bandwidth: 20MHz
   Tx-Power: 16dBm

   Radio: wifi1
   MAC Address: xx:xx:xx:xx:xx:xx
   Status: up
   Band: 2.4GHz
   Channel: 11
   Bandwidth: 20MHz
   Tx-Power: 16dBm

Access-point
------------

This *type* implements the *infrastructure* mode where wireless devices connect to an *access-point* that forwards the packets between the connected stations and the wired network.
Note that the access-point is the central point for all communications (unlike the *ad-hoc* mode, where connections between stations are point-to-point).

**Security**

All OSDX WLAN-capable devices support the following security modes for the *access-point* role:

.. csv-table::
   :align: left
   :header: mode,akms,security framework,unicast ciphers,pmf

   *none*, , , ,
   *WPA personal*, ``psk``, ``wpav1``, ``tkip`` ``aes-ccmp``,
   *WPA2 personal*, ``psk`` ``ft-psk``, ``rsn``, ``tkip`` ``aes-ccmp``,
   *WPA/WPA2 personal*, ``psk`` ``ft-psk``, ``wpav1`` ``rsn``, ``tkip`` ``aes-ccmp``,
   *WPA3 personal*, ``psk-256`` ``sae`` ``ft-sae`` ``owe``, ``rsn``, ``aes-ccmp`` ``aes-ccmp-256`` ``aes-gcmp`` ``aes-gcmp-256``, ``required``
   *WPA2/WPA3 personal*, ``psk`` ``psk-256`` ``ft-psk`` ``sae`` ``ft-sae`` ``owe-transition``, ``rsn``, ``aes-ccmp`` ``aes-ccmp-256`` ``aes-gcmp`` ``aes-gcmp-256``, ``optional`` ``required`` (if ``owe-transition``)
   *WPA enterprise*, ``dot1x``, ``wpav1``, ``tkip`` ``aes-ccmp``,
   *WPA2 enterprise*, ``dot1x`` ``ft-dot1x``, ``rsn``, ``tkip`` ``aes-ccmp``,
   *WPA/WPA2 enterprise*, ``dot1x`` ``ft-dot1x``, ``wpav1`` ``rsn``, ``tkip`` ``aes-ccmp``,
   *WPA3 enterprise*, ``dot1x-256`` ``cnsa``, ``rsn``, ``aes-ccmp`` ``aes-ccmp-256`` ``aes-gcmp`` ``aes-gcmp-256`` (``cnsa``), ``required``
   *WPA2/WPA3 enterprise*, ``dot1x`` ``dot1x-256`` ``ft-dot1x``, ``rsn``, ``aes-ccmp`` ``aes-ccmp-256`` ``aes-gcmp`` ``aes-gcmp-256``, ``optional``

Note that some security modes may call for additional parameters to be configured. In such cases, the CLI will report an error message to inform the user about the problem. A complete list of examples can be found :doc:`here `

Station
-------

This type implements the ``station`` or *client* mode, where the interface connects to an *access point* operating in *infrastructure* mode to provide connectivity through the air.

Client mode is configured via *networks*.
A ``network`` is a set of rules that is evaluated when looking for a valid target; the first valid network with the highest priority is used. The network *priority* is identified by means of the index and is evaluated in descending order (*1* being the highest priority and *16* the lowest). This configuration method gives the administrator a lot of flexibility in complex deployments, allowing the interface to connect to different networks based on many conditions.

.. warning::

   Note that only 1 interface in ``station`` mode per radio is supported in OSDX.

The security configuration is almost the same as the one described under the `Access-point`_ section. The only difference is that the ``owe-transition`` mode is not allowed, since it doesn't make sense in ``station`` mode.

For example, the following excerpt shows how to configure an interface in ``station`` mode using *WPA3 personal* security:

.. code-block:: none

   set interfaces wlan wlan0 phy wifi1
   set interfaces wlan wlan0 type station network 1 security akm sae
   set interfaces wlan wlan0 type station network 1 security pmf required
   set interfaces wlan wlan0 type station network 1 security psk-passphrase 1234567890
   set interfaces wlan wlan0 type station network 1 ssid test_24ghz

EAP methods ``MSCHAPv2``, ``TLS``, ``TTLS`` (with ``MD5``, ``MSCHAPv2`` and ``TLS``) and ``PEAP`` (with ``MD5`` and ``MSCHAPv2``) are also supported. In the next example, a station will try to connect to a network with *WPA3 Enterprise* security using the *TTLS-TLS EAP* method (that is, a *TLS* tunnel with certificates). Make sure the device has the *ca.pem*, *client.pem* and *client.key* certificates in the ``/config/auth/certificates`` folder.

.. code-block:: none

   set interfaces wlan wlan0 phy wifi0
   set interfaces wlan wlan0 type station network 1 security akm cnsa
   set interfaces wlan wlan0 type station network 1 security ca-certificate 'running://auth/certificates/ca.pem'
   set interfaces wlan wlan0 type station network 1 security client-certificate 'running://auth/certificates/client.pem'
   set interfaces wlan wlan0 type station network 1 security client-private-key 'running://auth/certificates/client.key'
   set interfaces wlan wlan0 type station network 1 security client-private-password whatever
   set interfaces wlan wlan0 type station network 1 security eap-method ttls inner-method tls
   set interfaces wlan wlan0 type station network 1 security framework rsn
   set interfaces wlan wlan0 type station network 1 security identity user
   set interfaces wlan wlan0 type station network 1 security pmf required
   set interfaces wlan wlan0 type station network 1 ssid test_radius

Examples
========

:doc:`Here `, you can find different examples of these options.

Command Summary
===============

.. osdx:cmdtree:: cfg

   controllers wlan
   interfaces wlan
   system wlan

.. osdx:cmdtree:: op

   controllers wlan
   interfaces wlan
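
A review aid for the station security settings described in the Station section, as an added example (not OSDX code or tooling): it reads ``set interfaces wlan ... type station network N ...`` lines in the form shown in the excerpts and flags networks whose ``akm``, ``pmf`` and ``framework`` values fall short of the WPA3 rows of the security-mode table. The sample configuration, its SSIDs and the function name ``audit_station_config`` are constructed for illustration.

```python
from collections import defaultdict

# AKM groups taken from the security-mode table on this page.
WPA3_AKMS = {"psk-256", "sae", "ft-sae", "owe", "dot1x-256", "cnsa"}
LEGACY_AKMS = {"psk", "ft-psk", "dot1x", "ft-dot1x"}

def audit_station_config(text):
    """Return sorted (interface, network, finding) tuples for station networks."""
    nets = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        tok = line.split()
        # Expected shape: set interfaces wlan <if> type station network <n> ...
        if (tok[:3] == ["set", "interfaces", "wlan"] and len(tok) > 8
                and tok[4:7] == ["type", "station", "network"]):
            sec = nets[(tok[3], int(tok[7]))]   # registers the network
            if tok[8] == "security" and len(tok) >= 11:
                sec[tok[9]].add(tok[10])
    findings = []
    for (ifc, idx), sec in nets.items():
        akms, notes = sec["akm"], []
        if not akms:
            notes.append("no akm configured: mode 'none' (open network)")
        if "owe-transition" in akms:
            notes.append("owe-transition is not allowed in station mode")
        if akms & LEGACY_AKMS:
            notes.append("WPA/WPA2 akm accepted: " + ",".join(sorted(akms & LEGACY_AKMS)))
        if akms and akms <= WPA3_AKMS and sec["pmf"] != {"required"}:
            notes.append("WPA3 akm without 'pmf required'")
        if "wpav1" in sec["framework"]:
            notes.append("wpav1 framework enabled (TKIP-era WPA)")
        findings += [(ifc, idx, note) for note in notes]
    return sorted(findings)

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type station network 1 security akm sae
set interfaces wlan wlan0 type station network 1 security psk-passphrase <passphrase>
set interfaces wlan wlan0 type station network 1 ssid corp_wpa3
set interfaces wlan wlan0 type station network 2 security akm psk
set interfaces wlan wlan0 type station network 2 security framework wpav1
set interfaces wlan wlan0 type station network 3 security akm cnsa
set interfaces wlan wlan0 type station network 3 security pmf required
set interfaces wlan wlan0 type station network 4 ssid guest
"""

if __name__ == "__main__":
    for finding in audit_station_config(SAMPLE):
        print(*finding, sep=" | ")
```

Because networks are tried in priority order, a flagged lower-priority network still matters: the station falls back to it whenever the stronger ones are not in range.
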