svn commit: r41698 - projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking
Dru Lavigne
dru at FreeBSD.org
Mon May 20 13:44:27 UTC 2013
Author: dru
Date: Mon May 20 13:44:26 2013
New Revision: 41698
URL: http://svnweb.freebsd.org/changeset/doc/41698
Log:
White space fix only. Translators can ignore.
Approved by: mentors (implicit)
Modified:
projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml
Modified: projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml
==============================================================================
--- projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Mon May 20 12:50:10 2013 (r41697)
+++ projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Mon May 20 13:44:26 2013 (r41698)
@@ -46,7 +46,8 @@
</listitem>
<listitem>
- <para>How to set up <acronym>IPv6</acronym> on a &os; machine.</para>
+ <para>How to set up <acronym>IPv6</acronym> on a &os;
+ machine.</para>
</listitem>
<listitem>
@@ -54,9 +55,9 @@
</listitem>
<listitem>
- <para>How to enable and utilize the features of the
- Common Address Redundancy Protocol
- (<acronym>CARP</acronym>) in &os;.</para>
+ <para>How to enable and utilize the features of the Common
+ Address Redundancy Protocol (<acronym>CARP</acronym>) in
+ &os;.</para>
</listitem>
</itemizedlist>
@@ -78,8 +79,8 @@
</listitem>
<listitem>
- <para>Know how to install additional third-party
- software (<xref linkend="ports"/>).</para>
+ <para>Know how to install additional third-party software
+ (<xref linkend="ports"/>).</para>
</listitem>
</itemizedlist>
@@ -107,10 +108,10 @@
one to the other. This is called
<firstterm>routing</firstterm>. A <quote>route</quote> is a
defined pair of addresses: a <quote>destination</quote> and a
- <quote>gateway</quote>. The pair indicates that when
- trying to get to this <emphasis>destination</emphasis>,
- communicate through this <emphasis>gateway</emphasis>. There
- are three types of destinations: individual hosts, subnets, and
+ <quote>gateway</quote>. The pair indicates that when trying
+ to get to this <emphasis>destination</emphasis>, communicate
+ through this <emphasis>gateway</emphasis>. There are three
+ types of destinations: individual hosts, subnets, and
<quote>default</quote>. The <quote>default route</quote> is
used if none of the other routes apply. There are also three
types of gateways: individual hosts, interfaces (also called
@@ -139,9 +140,8 @@ host2.example.com link#1 UC
224 link#1 UC 0 0</screen>
<indexterm><primary>default route</primary></indexterm>
- <para>The first two lines specify the default route,
- described in more detail in
- <xref linkend="network-routing-default"/>,
+ <para>The first two lines specify the default route, described
+ in more detail in <xref linkend="network-routing-default"/>,
and the <hostid>localhost</hostid> route.</para>
<indexterm><primary>loopback device</primary></indexterm>
@@ -156,46 +156,41 @@ host2.example.com link#1 UC
<primary>Ethernet</primary>
<secondary>MAC address</secondary>
</indexterm>
- <para>The addresses beginning
- with <hostid role="mac">0:e0:</hostid> are Ethernet
- hardware addresses, also known as <acronym>MAC</acronym>
- addresses.
- &os; will automatically identify any hosts,
- <hostid>test0</hostid> in the example, on the local Ethernet
- and add a route for that host over the
- Ethernet interface, <devicename>ed0</devicename>. This type
- of route has a timeout, seen in the <literal>Expire</literal>
- column, which is used if
- the host does not respond in a specific amount of time. When
- this happens, the
- route to this host will be automatically deleted. These hosts
- are identified using the Routing
- Information Protocol (<acronym>RIP</acronym>), which
- calculates routes to local hosts
- based upon a shortest path determination.</para>
+ <para>The addresses beginning with <hostid
+ role="mac">0:e0:</hostid> are Ethernet hardware addresses,
+ also known as <acronym>MAC</acronym> addresses. &os; will
+ automatically identify any hosts, <hostid>test0</hostid> in
+ the example, on the local Ethernet and add a route for that
+ host over the Ethernet interface,
+ <devicename>ed0</devicename>. This type of route has a
+ timeout, seen in the <literal>Expire</literal> column, which
+ is used if the host does not respond in a specific amount of
+ time. When this happens, the route to this host will be
+ automatically deleted. These hosts are identified using the
+ Routing Information Protocol (<acronym>RIP</acronym>), which
+ calculates routes to local hosts based upon a shortest path
+ determination.</para>
<indexterm><primary>subnet</primary></indexterm>
<para>&os; will add subnet routes for the local subnet.
<hostid role="ipaddr">10.20.30.255</hostid> is the broadcast
- address for the subnet
- <hostid role="ipaddr">10.20.30</hostid> and
- <hostid role="domainname">example.com</hostid> is the domain
- name associated with that subnet. The designation
+ address for the subnet <hostid role="ipaddr">10.20.30</hostid>
+ and <hostid role="domainname">example.com</hostid> is the
+ domain name associated with that subnet. The designation
<literal>link#1</literal> refers to the first Ethernet card in
the machine.</para>
- <para>Local network hosts and local
- subnets have their routes automatically configured by a
- daemon called &man.routed.8;. If it is
- not running, only routes which are statically defined
+ <para>Local network hosts and local subnets have their routes
+ automatically configured by a daemon called &man.routed.8;.
+ If it is not running, only routes which are statically defined
by the administrator will exist.</para>
<para>The <literal>host1</literal> line refers to the host
- by its Ethernet address. Since it is the sending
- host, &os; knows to use the loopback interface
- (<devicename>lo0</devicename>) rather than
- the Ethernet interface.</para>
+ by its Ethernet address. Since it is the sending host, &os;
+ knows to use the loopback interface
+ (<devicename>lo0</devicename>) rather than the Ethernet
+ interface.</para>
<para>The two <literal>host2</literal> lines represent aliases
which were created using &man.ifconfig.8;. The
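Review bot: the rewrapped paragraph (the `+` lines replacing the removed `<para>The addresses beginning ...` block) carries over a technical error that is worth fixing while these lines are being touched. The per-host routes with a value in the Expire column that FreeBSD adds for hosts on the local Ethernet come from ARP (the link-layer address resolution cache), not from the Routing Information Protocol; RIP is only spoken by routed(8) and plays no part in discovering hosts on the local segment. The sentence "These hosts are identified using the Routing Information Protocol (RIP), which calculates routes to local hosts based upon a shortest path determination" should attribute the entries to ARP and drop the shortest-path claim. In the same hunk, "Local network hosts and local subnets have their routes automatically configured by a daemon called routed(8)" is also misleading: the kernel installs the local subnet (link#1) route when the interface is configured with ifconfig(8), whether or not routed is running. If the commit is to stay strictly whitespace-only, file this as a follow-up, but a paragraph that will need a content change should not be flagged to translators as ignorable.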
@@ -206,8 +201,8 @@ host2.example.com link#1 UC
hosts on the local network will have a
<literal>link#1</literal> line for such routes.</para>
- <para>The final line (destination subnet
- <hostid role="ipaddr">224</hostid>) deals with
+ <para>The final line (destination subnet <hostid
+ role="ipaddr">224</hostid>) deals with
multicasting.</para>
<para>Finally, various attributes of each route can be seen in
@@ -276,8 +271,8 @@ host2.example.com link#1 UC
<para>When the local system needs to make a connection to a
remote host, it checks the routing table to determine if a
known path exists. If the remote host falls into a subnet
- that it knows how to reach, the system
- checks to see if it can connect using that interface.</para>
+ that it knows how to reach, the system checks to see if it
+ can connect using that interface.</para>
<para>If all known paths fail, the system has one last option:
the <quote>default</quote> route. This route is a special
@@ -287,13 +282,13 @@ host2.example.com link#1 UC
gateway is set to the system which has a direct connection to
the Internet.</para>
- <para>The default route for a machine
- which itself is functioning as the gateway to the outside
- world, will be the gateway machine at
- the Internet Service Provider (<acronym>ISP</acronym>).</para>
+ <para>The default route for a machine which itself is
+ functioning as the gateway to the outside world, will be the
+ gateway machine at the Internet Service Provider
+ (<acronym>ISP</acronym>).</para>
- <para>This example is a
- common configuration for a default route:</para>
+ <para>This example is a common configuration for a default
+ route:</para>
<mediaobject>
<imageobject>
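Review bot: style only, in the rewrapped lines `+ <para>The default route for a machine which itself is` / `+ functioning as the gateway to the outside world, will be the`: the comma after "world" separates the subject from its verb. Since the lines are being reflowed anyway, drop it, or set off the relative clause "which itself is functioning as the gateway to the outside world" with commas on both sides.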
@@ -311,12 +306,11 @@ host2.example.com link#1 UC
<hostid>Local1</hostid> is connected to an
<acronym>ISP</acronym> using a
<acronym>PPP</acronym> connection. This
- <acronym>PPP</acronym> server is connected through
- a local area network to another gateway computer through an
- external interface to the <acronym>ISP</acronym>.</para>
+ <acronym>PPP</acronym> server is connected through a local
+ area network to another gateway computer through an external
+ interface to the <acronym>ISP</acronym>.</para>
- <para>The default routes for each machine will
- be:</para>
+ <para>The default routes for each machine will be:</para>
<informaltable frame="none" pgwide="1">
<tgroup cols="3">
@@ -347,29 +341,25 @@ host2.example.com link#1 UC
<para>A common question is <quote>Why is
<hostid>T1-GW</hostid> configured as the default gateway for
<hostid>Local1</hostid>, rather than the
- <acronym>ISP</acronym> server it is
- connected to?</quote>.</para>
+ <acronym>ISP</acronym> server it is connected
+ to?</quote>.</para>
<para>Since the <acronym>PPP</acronym> interface is using an
- address on
- the <acronym>ISP</acronym>'s local network for the local side
- of the connection,
- routes for any other machines on the <acronym>ISP</acronym>'s
- local network will
+ address on the <acronym>ISP</acronym>'s local network for
+ the local side of the connection, routes for any other
+ machines on the <acronym>ISP</acronym>'s local network will
be automatically generated. The system already knows how
to reach the <hostid>T1-GW</hostid> machine, so there is no
need for the intermediate step of sending traffic to the
- <acronym>ISP</acronym>'s
- server.</para>
+ <acronym>ISP</acronym>'s server.</para>
- <para>It is common to use the address
- <hostid role="ipaddr">X.X.X.1</hostid> as the gateway address
- for the local network. So, if the
- local class C address space is
+ <para>It is common to use the address <hostid
+ role="ipaddr">X.X.X.1</hostid> as the gateway address for
+ the local network. So, if the local class C address space is
<hostid role="ipaddr">10.20.30</hostid> and the
- <acronym>ISP</acronym> is using
- <hostid role="ipaddr">10.9.9</hostid>, the default routes
- would be:</para>
+ <acronym>ISP</acronym> is using <hostid
+ role="ipaddr">10.9.9</hostid>, the default routes would
+ be:</para>
<informaltable frame="none" pgwide="1">
<tgroup cols="2">
@@ -395,8 +385,8 @@ host2.example.com link#1 UC
<para>The default route can be easily defined in
<filename>/etc/rc.conf</filename>. In this example, on
- <hostid>Local2</hostid>, add the following
- line to <filename>/etc/rc.conf</filename>:</para>
+ <hostid>Local2</hostid>, add the following line to
+ <filename>/etc/rc.conf</filename>:</para>
<programlisting>defaultrouter="10.20.30.1"</programlisting>
@@ -414,17 +404,16 @@ host2.example.com link#1 UC
<indexterm><primary>dual homed hosts</primary></indexterm>
- <para>A a dual-homed system
- is a host which resides on two different networks.</para>
+ <para>A a dual-homed system is a host which resides on two
+ different networks.</para>
<para>The dual-homed machine might have two Ethernet cards, each
having an address on a separate subnet. Alternately, the
- machine can have one Ethernet card and uses
- &man.ifconfig.8; aliasing. The former is used if two
- physically separate Ethernet networks are in use and the
- latter
- if there is one physical network segment, but two logically
- separate subnets.</para>
+ machine can have one Ethernet card and uses &man.ifconfig.8;
+ aliasing. The former is used if two physically separate
+ Ethernet networks are in use and the latter if there is one
+ physical network segment, but two logically separate
+ subnets.</para>
<para>Either way, routing tables are set up so that each subnet
knows that this machine is the defined gateway (inbound route)
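Review bot: the doubled article in `+ <para>A a dual-homed system is a host which resides on two` is carried over unchanged from the removed line. Either drop the stray "a" while rewrapping, or, if the log is to remain strictly "white space fix only", note it for a separate commit so it is not lost; as written, the rewrap preserves the typo.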
@@ -433,9 +422,9 @@ host2.example.com link#1 UC
to implement packet filtering or firewall security in
either or both directions.</para>
- <para>For this machine to forward packets
- between the two interfaces, &os; must be configured as a
- router, as demonstrated in the next section.</para>
+ <para>For this machine to forward packets between the two
+ interfaces, &os; must be configured as a router, as
+ demonstrated in the next section.</para>
</sect2>
<sect2 id="network-dedicated-router">
@@ -443,8 +432,8 @@ host2.example.com link#1 UC
<indexterm><primary>router</primary></indexterm>
- <para>A network router is a system that forwards packets
- from one interface to another. Internet standards and good
+ <para>A network router is a system that forwards packets from
+ one interface to another. Internet standards and good
engineering practice prevent the &os; Project from enabling
this by default in &os;. This feature can be enabled by
changing the following variable to <literal>YES</literal> in
@@ -454,17 +443,17 @@ host2.example.com link#1 UC
<para>This option will set the &man.sysctl.8; variable
<varname>net.inet.ip.forwarding</varname> to
- <literal>1</literal>. To stop routing,
- reset this to <literal>0</literal>.</para>
+ <literal>1</literal>. To stop routing, reset this to
+ <literal>0</literal>.</para>
<indexterm><primary>BGP</primary></indexterm>
<indexterm><primary>RIP</primary></indexterm>
<indexterm><primary>OSPF</primary></indexterm>
<para>The new router will need routes to know where to send the
- traffic. If the network is simple enough, static
- routes can be used. &os; comes with the standard BSD routing
- daemon &man.routed.8;, which speaks <acronym>RIP</acronym>
- versions 1 and 2, and <acronym>IRDP</acronym>. Support for
+ traffic. If the network is simple enough, static routes can
+ be used. &os; comes with the standard BSD routing daemon
+ &man.routed.8;, which speaks <acronym>RIP</acronym> versions
+ 1 and 2, and <acronym>IRDP</acronym>. Support for
<acronym>BGP</acronym>v4, <acronym>OSPF</acronym>v2, and other
sophisticated routing protocols is available with the
<filename role="package">net/zebra</filename> package or
@@ -523,16 +512,14 @@ host2.example.com link#1 UC
<para>In this scenario, <hostid>RouterA</hostid> is a &os;
machine that is acting as a router to the rest of the
- Internet. It has a default route set to
- <hostid role="ipaddr">10.0.0.1</hostid> which allows it to
+ Internet. It has a default route set to <hostid
+ role="ipaddr">10.0.0.1</hostid> which allows it to
connect with the outside world. <hostid>RouterB</hostid> is
- already configured properly as it
- uses
- <hostid role="ipaddr">192.168.1.1</hostid> as the
- gateway.</para>
+ already configured properly as it uses <hostid
+ role="ipaddr">192.168.1.1</hostid> as the gateway.</para>
- <para>The routing table on
- <hostid>RouterA</hostid> looks something like this:</para>
+ <para>The routing table on <hostid>RouterA</hostid> looks
+ something like this:</para>
<screen>&prompt.user; <userinput>netstat -nr</userinput>
Routing tables
@@ -545,13 +532,11 @@ default 10.0.0.1 UG
192.168.1.0/24 link#2 UC 0 0 xl1</screen>
<para>With the current routing table, <hostid>RouterA</hostid>
- cannot reach Internal Net 2 as it does not
- have a route for
+ cannot reach Internal Net 2 as it does not have a route for
<hostid role="ipaddr">192.168.2.0/24</hostid>. The
- following
- command adds the Internal Net 2 network to
- <hostid>RouterA</hostid>'s routing table using
- <hostid role="ipaddr">192.168.1.2</hostid> as the next
+ following command adds the Internal Net 2 network to
+ <hostid>RouterA</hostid>'s routing table using <hostid
+ role="ipaddr">192.168.1.2</hostid> as the next
hop:</para>
<screen>&prompt.root; <userinput>route add -net 192.168.2.0/24 192.168.1.2</userinput></screen>
@@ -564,11 +549,11 @@ default 10.0.0.1 UG
<sect3>
<title>Persistent Configuration</title>
- <para>The above example configures a static
- route on a running system. However, the
- routing information will not persist if the &os; system
- reboots. Persistent static routes can be
- entered in <filename>/etc/rc.conf</filename>:</para>
+ <para>The above example configures a static route on a
+ running system. However, the routing information will not
+ persist if the &os; system reboots. Persistent static
+ routes can be entered in
+ <filename>/etc/rc.conf</filename>:</para>
<programlisting># Add Internal Net 2 as a static route
static_routes="internalnet2"
@@ -576,23 +561,21 @@ route_internalnet2="-net 192.168.2.0/24
<para>The <literal>static_routes</literal> configuration
variable is a list of strings separated by a space, where
- each
- string references a route name. This example
- only has one string in <literal>static_routes</literal>,
+ each string references a route name. This example only
+ has one string in <literal>static_routes</literal>,
<replaceable>internalnet2</replaceable>. The variable
<literal>route_<replaceable>internalnet2</replaceable></literal>
- contains all of the configuration parameters
- to &man.route.8;. This example is equivalent
- to the command:</para>
+ contains all of the configuration parameters to
+ &man.route.8;. This example is equivalen to the
+ command:</para>
<screen>&prompt.root; <userinput>route add -net 192.168.2.0/24 192.168.1.2</userinput></screen>
<para>Using more than one string in
- <literal>static_routes</literal> creates
- multiple static routes. The following shows an
- example of adding static routes for the
- <hostid role="ipaddr">192.168.0.0/24</hostid> and
- <hostid role="ipaddr">192.168.1.0/24</hostid>
+ <literal>static_routes</literal> creates multiple static
+ routes. The following shows an example of adding static
+ routes for the <hostid role="ipaddr">192.168.0.0/24</hostid>
+ and <hostid role="ipaddr">192.168.1.0/24</hostid>
networks:</para>
<programlisting>static_routes="net1 net2"
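Review bot: this hunk introduces a typo in a commit described as whitespace-only: `- to &man.route.8;. This example is equivalent` becomes `+ &man.route.8;. This example is equivalen to the`. Restore "equivalent" before committing. As it stands the log message ("White space fix only. Translators can ignore.") is inaccurate for this hunk, and translation teams relying on it would miss a real text change.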
@@ -610,16 +593,14 @@ route_net2="-net 192.168.1.0/24 192.168.
site. But how do external sites know to send their packets
to the network's <acronym>ISP</acronym>?</para>
- <para>There is a system
- that keeps track of all assigned address spaces
- and defines their point of connection to the Internet
- backbone, or the main trunk
- lines that carry Internet traffic across the country and
- around the world. Each backbone machine has a copy of a
- master set of tables, which direct traffic for a particular
- network to a specific backbone carrier, and from there down
- the chain of service providers until it reaches your
- network.</para>
+ <para>There is a system that keeps track of all assigned
+ address spaces and defines their point of connection to the
+ Internet backbone, or the main trunk lines that carry Internet
+ traffic across the country and around the world. Each
+ backbone machine has a copy of a master set of tables, which
+ direct traffic for a particular network to a specific
+ backbone carrier, and from there down the chain of service
+ providers until it reaches your network.</para>
<para>It is the task of the service provider to advertise to
the backbone sites that they are the point of connection, and
@@ -637,17 +618,16 @@ route_net2="-net 192.168.1.0/24 192.168.
<para>Sometimes, there is a problem with routing propagation
and some sites are unable to connect. Perhaps the most
useful command for trying to figure out where routing is
- breaking down is &man.traceroute.8;. It is
- useful when &man.ping.8; fails.</para>
+ breaking down is &man.traceroute.8;. It is useful when
+ &man.ping.8; fails.</para>
<para>When using &man.traceroute.8;, include the name of the
- remote host to connect to. The output will show the
- gateway hosts along the path of the attempt, eventually either
+ remote host to connect to. The output will show the gateway
+ hosts along the path of the attempt, eventually either
reaching the target host, or terminating because of a lack of
connection.</para>
- <para>For more information, refer to
- &man.traceroute.8;.</para>
+ <para>For more information, refer to &man.traceroute.8;.</para>
</sect2>
<sect2 id="network-routing-multicast">
@@ -661,17 +641,15 @@ route_net2="-net 192.168.1.0/24 192.168.
<secondary>MROUTING</secondary>
</indexterm>
<para>&os; natively supports both multicast applications and
- multicast
- routing. Multicast applications do not require any
+ multicast routing. Multicast applications do not require any
special configuration of &os;; as applications will generally
- run out of the box. Multicast routing
- requires that support be compiled into a custom kernel:</para>
+ run out of the box. Multicast routing requires that support
+ be compiled into a custom kernel:</para>
<programlisting>options MROUTING</programlisting>
- <para>The multicast routing daemon, &man.mrouted.8;,
- must be configured to set up tunnels and
- <acronym>DVMRP</acronym> via
+ <para>The multicast routing daemon, &man.mrouted.8;, must be
+ configured to set up tunnels and <acronym>DVMRP</acronym> via
<filename>/etc/mrouted.conf</filename>. More details on
multicast configuration may be found in
&man.mrouted.8;.</para>
@@ -682,8 +660,8 @@ route_net2="-net 192.168.1.0/24 192.168.
which has largely been replaced by &man.pim.4; in many
multicast installations. &man.mrouted.8; and the related
&man.map-mbone.8; and &man.mrinfo.8; utilities are available
- in the &os; Ports Collection as
- <filename role="package">net/mrouted</filename>.</para>
+ in the &os; Ports Collection as <filename
+ role="package">net/mrouted</filename>.</para>
</note>
</sect2>
</sect1>
@@ -729,96 +707,83 @@ route_net2="-net 192.168.1.0/24 192.168.
a
master with all the other stations associating to it, the
network is known as a <acronym>BSS</acronym>, and the master
- station is termed an
- access point (<acronym>AP</acronym>). In a
- <acronym>BSS</acronym>, all communication passes through
+ station is termed an access point (<acronym>AP</acronym>).
+ In a <acronym>BSS</acronym>, all communication passes through
the <acronym>AP</acronym>; even when one station wants to
- communicate with
- another wireless station, messages must go through the
- <acronym>AP</acronym>. In
- the second form of network, there is no master and stations
- communicate directly. This form of network is termed an
- <acronym>IBSS</acronym>
- and is commonly known as an
- <emphasis>ad-hoc network</emphasis>.</para>
+ communicate with another wireless station, messages must go
+ through the <acronym>AP</acronym>. In the second form of
+ network, there is no master and stations communicate directly.
+ This form of network is termed an <acronym>IBSS</acronym>
+ and is commonly known as an <emphasis>ad-hoc
+ network</emphasis>.</para>
<para>802.11 networks were first deployed in the 2.4GHz band
using protocols defined by the &ieee; 802.11 and 802.11b
standard. These specifications include the operating
frequencies and the <acronym>MAC</acronym> layer
- characteristics, including framing and
- transmission rates, as communication can occur at various
- rates. Later, the 802.11a standard defined operation in the
- 5GHz band, including different signaling mechanisms and
- higher transmission rates. Still later, the 802.11g standard
- defined the use of 802.11a signaling and
- transmission mechanisms in the 2.4GHz band in such a way as to
- be backwards compatible with 802.11b networks.</para>
+ characteristics, including framing and transmission rates,
+ as communication can occur at various rates. Later, the
+ 802.11a standard defined operation in the 5GHz band, including
+ different signaling mechanisms and higher transmission rates.
+ Still later, the 802.11g standard defined the use of 802.11a
+ signaling and transmission mechanisms in the 2.4GHz band in
+ such a way as to be backwards compatible with 802.11b
+ networks.</para>
<para>Separate from the underlying transmission techniques,
802.11 networks have a variety of security mechanisms. The
original 802.11 specifications defined a simple security
protocol called <acronym>WEP</acronym>. This protocol uses a
- fixed pre-shared key
- and the RC4 cryptographic cipher to encode data transmitted on
- a network. Stations must all agree on the fixed key in order
- to communicate. This scheme was shown to be easily broken and
- is now rarely used except to discourage transient users from
- joining networks. Current security practice is given by the
- &ieee; 802.11i specification that defines new cryptographic
- ciphers and an additional protocol to authenticate stations to
- an access point and exchange keys for data
- communication. Cryptographic keys are periodically
- refreshed and there are mechanisms for detecting
- and countering intrusion attempts. Another
+ fixed pre-shared key and the RC4 cryptographic cipher to
+ encode data transmitted on a network. Stations must all
+ agree on the fixed key in order to communicate. This scheme
+ was shown to be easily broken and is now rarely used except
+ to discourage transient users from joining networks. Current
+ security practice is given by the &ieee; 802.11i specification
+ that defines new cryptographic ciphers and an additional
+ protocol to authenticate stations to an access point and
+ exchange keys for data communication. Cryptographic keys
+ are periodically refreshed and there are mechanisms for
+ detecting and countering intrusion attempts. Another
security protocol specification commonly used in wireless
networks is termed <acronym>WPA</acronym>, which was a
- precursor to 802.11i. <acronym>WPA</acronym>
- specifies a subset of
- the requirements found in 802.11i and is designed for
- implementation on legacy hardware. Specifically,
- <acronym>WPA</acronym> requires
- only the <acronym>TKIP</acronym> cipher that is derived from
- the original <acronym>WEP</acronym>
- cipher. 802.11i permits use of <acronym>TKIP</acronym> but
- also requires support
- for a stronger cipher, AES-CCM, for encrypting data. The
- <acronym>AES</acronym>
- cipher was not required in <acronym>WPA</acronym> because it
- was deemed too
+ precursor to 802.11i. <acronym>WPA</acronym> specifies a
+ subset of the requirements found in 802.11i and is designed
+ for implementation on legacy hardware. Specifically,
+ <acronym>WPA</acronym> requires only the
+ <acronym>TKIP</acronym> cipher that is derived from the
+ original <acronym>WEP</acronym> cipher. 802.11i permits use
+ of <acronym>TKIP</acronym> but also requires support for a
+ stronger cipher, AES-CCM, for encrypting data. The
+ <acronym>AES</acronym> cipher was not required in
+ <acronym>WPA</acronym> because it was deemed too
computationally costly to be implemented on legacy
hardware.</para>
- <para>The other
- standard to be aware of is 802.11e. It defines
+ <para>The other standard to be aware of is 802.11e. It defines
protocols for deploying multimedia applications, such as
streaming video and voice over IP (<acronym>VoIP</acronym>),
- in
- an 802.11 network.
- Like 802.11i, 802.11e also has a precursor specification
- termed <acronym>WME</acronym> (later renamed
- <acronym>WMM</acronym>) that has been defined by an
+ in an 802.11 network. Like 802.11i, 802.11e also has a
+ precursor specification termed <acronym>WME</acronym> (later
+ renamed <acronym>WMM</acronym>) that has been defined by an
industry group as a subset of 802.11e that can be deployed now
to enable multimedia applications while waiting for the final
ratification of 802.11e. The most important thing to know
about 802.11e and
<acronym>WME</acronym>/<acronym>WMM</acronym> is that it
- enables prioritized
- traffic over a wireless network through Quality of Service
- (<acronym>QoS</acronym>) protocols and enhanced media access
- protocols. Proper
- implementation of these protocols enables high speed bursting
- of data and prioritized traffic flow.</para>
-
- <para>&os; supports networks that operate
- using 802.11a, 802.11b, and 802.11g. The
- <acronym>WPA</acronym> and 802.11i
+ enables prioritized traffic over a wireless network through
+ Quality of Service (<acronym>QoS</acronym>) protocols and
+ enhanced media access protocols. Proper implementation of
+ these protocols enables high speed bursting of data and
+ prioritized traffic flow.</para>
+
+ <para>&os; supports networks that operate using 802.11a,
+ 802.11b, and 802.11g. The <acronym>WPA</acronym> and 802.11i
security protocols are likewise supported (in conjunction with
any of 11a, 11b, and 11g) and <acronym>QoS</acronym> and
- traffic prioritization
- required by the <acronym>WME</acronym>/<acronym>WMM</acronym>
- protocols are supported for a limited
- set of wireless devices.</para>
+ traffic prioritization required by the
+ <acronym>WME</acronym>/<acronym>WMM</acronym> protocols are
+ supported for a limited set of wireless devices.</para>
</sect2>
<sect2 id="network-wireless-basic">
@@ -827,65 +792,58 @@ route_net2="-net 192.168.1.0/24 192.168.
<sect3>
<title>Kernel Configuration</title>
- <para>To use wireless networking, a wireless
- networking card is needed and the kernel needs to be
- configured with the
+ <para>To use wireless networking, a wireless networking card
+ is needed and the kernel needs to be configured with the
appropriate wireless networking support. The kernel is
separated into multiple modules so that only the required
- support needs to be
- configured.</para>
+ support needs to be configured.</para>
<para>The most
commonly used wireless devices are those that use parts made
- by
- Atheros. These devices are supported by &man.ath.4;
+ by Atheros. These devices are supported by &man.ath.4;
and require the following line to be added to
<filename>/boot/loader.conf</filename>:</para>
<programlisting>if_ath_load="YES"</programlisting>
<para>The Atheros driver is split up into three separate
- pieces: the driver (&man.ath.4;), the hardware
- support layer that handles chip-specific functions
+ pieces: the driver (&man.ath.4;), the hardware support
+ layer that handles chip-specific functions
(&man.ath.hal.4;), and an algorithm for selecting the
- rate for transmitting frames.
- When this support is loaded as
- kernel modules, any dependencies are automatically handled.
- To load support for a different type of wireless device,
- specify the module for that device. This example is for
- devices based on the Intersil Prism parts (&man.wi.4;)
- driver:</para>
+ rate for transmitting frames. When this support is loaded
+ as kernel modules, any dependencies are automatically
+ handled. To load support for a different type of wireless
+ device, specify the module for that device. This example
+ is for devices based on the Intersil Prism parts
+ (&man.wi.4;) driver:</para>
<programlisting>if_wi_load="YES"</programlisting>
<note>
- <para>The examples in this section use an
- &man.ath.4; device and the device name in the examples
- must
- be changed according to the configuration. A list of
+ <para>The examples in this section use an &man.ath.4;
+ device and the device name in the examples must be
+ changed according to the configuration. A list of
available wireless drivers and supported adapters can be
found in the &os; Hardware Notes, available on
the <ulink
url="http://www.FreeBSD.org/releases/index.html">Release
Information</ulink> page of the &os; website. If a
native &os; driver for the wireless device does not
- exist, it may be possible to use the &windows;
- driver with the help of the
- <link linkend="config-network-ndis">NDIS</link> driver
+ exist, it may be possible to use the &windows; driver
+ with the help of the <link
+ linkend="config-network-ndis">NDIS</link> driver
wrapper.</para>
</note>
- <para>In addition, the modules that implement
- cryptographic support for the security protocols
- to use must be loaded. These are intended to be dynamically
- loaded on
- demand by the &man.wlan.4; module, but for now they must be
- manually configured. The following modules are available:
+ <para>In addition, the modules that implement cryptographic
+ support for the security protocols to use must be loaded.
+ These are intended to be dynamically loaded on demand by
+ the &man.wlan.4; module, but for now they must be manually
+ configured. The following modules are available:
&man.wlan.wep.4;, &man.wlan.ccmp.4;, and &man.wlan.tkip.4;.
The &man.wlan.ccmp.4; and &man.wlan.tkip.4; drivers are
only needed when using the <acronym>WPA</acronym> or
- 802.11i
- security protocols. If the network does not use
+ 802.11i security protocols. If the network does not use
encryption, &man.wlan.wep.4; support is not needed. To
load these modules at boot time, add the following lines to
<filename>/boot/loader.conf</filename>:</para>
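Review bot: the rewrapped opening sentence of this paragraph still reads awkwardly: "the modules that implement cryptographic support for the security protocols to use must be loaded". Suggest "for the security protocols in use must be loaded". Since this commit is logged as white space only, that wording change belongs in a follow-up commit rather than here.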
@@ -895,17 +853,15 @@ wlan_ccmp_load="YES"
wlan_tkip_load="YES"</programlisting>
<para>Once this information has been added to
- <filename>/boot/loader.conf</filename>, reboot
- the &os; box. Alternately,
- load the modules by hand using
+ <filename>/boot/loader.conf</filename>, reboot the &os;
+ box. Alternately, load the modules by hand using
&man.kldload.8;.</para>
<note>
<para>For users who do not want to use modules, it is
- possible to
- compile these drivers into the kernel by adding the
- following lines to a custom kernel configuration
- file:</para>
+ possible to compile these drivers into the kernel by
+ adding the following lines to a custom kernel
+ configuration file:</para>
<programlisting>device wlan # 802.11 support
device wlan_wep # 802.11 WEP support
@@ -922,10 +878,8 @@ device ath_rate_sample # SampleRate tx
machine.</para>
</note>
- <para>Information
- about the wireless device should appear in the boot
- messages, like
- this:</para>
+ <para>Information about the wireless device should appear
+ in the boot messages, like this:</para>
<screen>ath0: <Atheros 5212> mem 0x88000000-0x8800ffff irq 11 at device 0.0 on cardbus1
ath0: [ITHREAD]
@@ -937,12 +891,11 @@ ath0: AR2413 mac 7.9 RF2413 phy 4.5</scr
<title>Infrastructure Mode</title>
<para>Infrastructure (<acronym>BSS</acronym>) mode is the
- mode that is
- typically used. In this mode, a number of wireless access
- points are connected to a wired network. Each wireless
- network has its own name, called the <acronym>SSID</acronym>.
- Wireless clients connect to the wireless access
- points.</para>
+ mode that is typically used. In this mode, a number of
+ wireless access points are connected to a wired network.
+ Each wireless network has its own name, called the
+ <acronym>SSID</acronym>. Wireless clients connect to the
+ wireless access points.</para>
<sect3>
<title>&os; Clients</title>
@@ -950,12 +903,11 @@ ath0: AR2413 mac 7.9 RF2413 phy 4.5</scr
<sect4>
<title>How to Find Access Points</title>
- <para>To scan for available networks, use
- &man.ifconfig.8;. This request may
- take a few moments to complete as it requires the
- system to switch to each available wireless frequency and
- probe for available access points. Only the superuser
- can initiate a scan:</para>
+ <para>To scan for available networks, use &man.ifconfig.8;.
+ This request may take a few moments to complete as it
+ requires the system to switch to each available wireless
+ frequency and probe for available access points. Only
+ the superuser can initiate a scan:</para>
<screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> create wlandev <replaceable>ath0</replaceable></userinput>
&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> up scan</userinput>
@@ -964,20 +916,20 @@ dlinkap 00:13:46:49:41:76 11
freebsdap 00:11:95:c3:0d:ac 1 54M -83:96 100 EPS WPA</screen>
<note>
- <para>The interface must be <option>up</option>
- before it can scan. Subsequent scan requests do not
- require the interface to be marked as up again.</para>
+ <para>The interface must be <option>up</option> before
+ it can scan. Subsequent scan requests do not require
+ the interface to be marked as up again.</para>
</note>
<para>The output of a scan request lists each
- <acronym>BSS</acronym>/<acronym>IBSS</acronym>
- network found. Besides listing the name of the network,
- the <literal>SSID</literal>, the output also shows the
+ <acronym>BSS</acronym>/<acronym>IBSS</acronym> network
+ found. Besides listing the name of the network, the
+ <literal>SSID</literal>, the output also shows the
<literal>BSSID</literal>, which is the
- <acronym>MAC</acronym> address of the
- access point. The <literal>CAPS</literal> field
- identifies the type of each network and the capabilities
- of the stations operating there:</para>
+ <acronym>MAC</acronym> address of the access point. The
+ <literal>CAPS</literal> field identifies the type of
+ each network and the capabilities of the stations
+ operating there:</para>
<table frame="none" pgwide="0">
<title>Station Capability Codes</title>
@@ -1003,18 +955,18 @@ freebsdap 00:11:95:c3:0d:ac 1
<row>
<entry><literal>I</literal></entry>
<entry><acronym>IBSS</acronym>/ad-hoc network.
- Indicates that the
- station is part of an ad-hoc network rather than
- an <acronym>ESS</acronym> network.</entry>
+ Indicates that the station is part of an ad-hoc
+ network rather than an <acronym>ESS</acronym>
+ network.</entry>
</row>
<row>
<entry><literal>P</literal></entry>
- <entry>Privacy. Encryption is required
- for all data frames exchanged within the
- <acronym>BSS</acronym>
- using cryptographic means such as
- <acronym>WEP</acronym>, <acronym>TKIP</acronym> or
+ <entry>Privacy. Encryption is required for all
+ data frames exchanged within the
+ <acronym>BSS</acronym> using cryptographic means
+ such as <acronym>WEP</acronym>,
+ <acronym>TKIP</acronym> or
<acronym>AES</acronym>-<acronym>CCMP</acronym>.</entry>
</row>
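Review bot: the Privacy entry should say that <literal>P</literal> only signals that encryption is required, not which scheme is in use; in the scan output above, the trailing <literal>WPA</literal> after the <literal>EPS</literal> capability codes is what tells a <acronym>WPA</acronym> network apart from a <acronym>WEP</acronym>-only one. A short sentence to that effect would help readers pick a network from the scan list.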
@@ -1022,10 +974,9 @@ freebsdap 00:11:95:c3:0d:ac 1
<entry><literal>S</literal></entry>
<entry>Short Preamble. Indicates that the network
is using short preambles, defined in 802.11b High
- Rate/DSSS PHY, and utilizes a 56 bit
- sync field rather than the 128 bit
- field used in
- long preamble mode.</entry>
+ Rate/DSSS PHY, and utilizes a 56 bit sync field
+ rather than the 128 bit field used in long
+ preamble mode.</entry>
</row>
<row>
@@ -1056,15 +1007,14 @@ freebsdap 00:11:95:c3:0d:ac 1
<para>This section provides a simple example of how to make
the wireless network adapter work in &os; without
encryption. Once familiar with these concepts, it is
- strongly recommend to use
- <link linkend="network-wireless-wpa">WPA</link> to set up
+ strongly recommend to use <link
+ linkend="network-wireless-wpa">WPA</link> to set up
the wireless network.</para>
<para>There are three basic steps to configure a wireless
network: select an access point, authenticate the
station, and configure an <acronym>IP</acronym> address.
- The following
- sections discuss each step.</para>
+ The following sections discuss each step.</para>
<sect5>
<title>Selecting an Access Point</title>
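Review bot: "it is strongly recommend to use" on the rewrapped line should read "it is strongly recommended to use". The error predates this commit, but a white space fix is a convenient moment to catch it, or note it for a follow-up.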
@@ -1072,15 +1022,14 @@ freebsdap 00:11:95:c3:0d:ac 1
<para>Most of the time, it is sufficient to let the system
choose an access point using the builtin heuristics.
This is the default behaviour when an interface is
- marked as
- up or it is listed in
+ marked as up or it is listed in
<filename>/etc/rc.conf</filename>:</para>
<programlisting>wlans_ath0="wlan0"
ifconfig_wlan0="DHCP"</programlisting>
- <para>If there are multiple access points,
- a specific one can be selected by its
+ <para>If there are multiple access points, a specific
+ one can be selected by its
<acronym>SSID</acronym>:</para>
<programlisting>wlans_ath0="wlan0"
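Review bot: in the context lines of this hunk, "builtin heuristics" should be "built-in heuristics", and "behaviour" should be "behavior" for an en_US.ISO8859-1 document. Both are pre-existing, so a follow-up commit is fine.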
@@ -1088,11 +1037,10 @@ ifconfig_wlan0="ssid <replaceable>your_s
<para>In an environment where there are multiple access
points with the same <acronym>SSID</acronym>, which
- is often done to simplify
- roaming, it may be necessary to associate to one
- specific device. In this case, the
- <acronym>BSSID</acronym> of the access point can
- be specified, with or without the
+ is often done to simplify roaming, it may be necessary
+ to associate to one specific device. In this case, the
+ <acronym>BSSID</acronym> of the access point can be
+ specified, with or without the
<acronym>SSID</acronym>:</para>
<programlisting>wlans_ath0="wlan0"
@@ -1100,8 +1048,7 @@ ifconfig_wlan0="ssid <replaceable>your_s
<para>There are other ways to constrain the choice of an
access point, such as limiting the set of frequencies
- the
- system will scan on. This may be useful for a
+ the system will scan on. This may be useful for a
multi-band wireless card as scanning all the possible
channels can be time-consuming. To limit operation to a
specific band, use the <option>mode</option>
@@ -1111,13 +1058,11 @@ ifconfig_wlan0="ssid <replaceable>your_s
ifconfig_wlan0="mode <replaceable>11g</replaceable> ssid <replaceable>your_ssid_here</replaceable> DHCP"</programlisting>
<para>This example will force the card to operate in
- 802.11g, which is
- defined only for 2.4GHz frequencies so any 5GHz channels
- will not be considered. This can also be achieved with
- the
+ 802.11g, which is defined only for 2.4GHz frequencies
+ so any 5GHz channels will not be considered. This can
+ also be achieved witt the
<option>channel</option> parameter, which locks
- operation to
- one specific frequency, and the
+ operation to one specific frequency, and the
<option>chanlist</option> parameter, to specify a list
of channels for scanning. More information about these
parameters can be found in &man.ifconfig.8;.</para>
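Review bot: the rewrapped line "also be achieved witt the" introduces a typo ("witt" for "with") into a commit logged as a white space fix only; please correct it before committing so the log message stays accurate. While here, "2.4GHz" and "5GHz" in the same sentence would normally be written "2.4 GHz" and "5 GHz".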
@@ -1129,49 +1074,42 @@ ifconfig_wlan0="mode <replaceable>11g</r
<para>Once an access point is selected, the station
needs to authenticate before it can pass data.
Authentication can happen in several ways. The most
- common scheme, open authentication,
- allows any station to join the network and communicate.
- This is the authentication to use for test
- purposes the first time a wireless network is setup.
- Other schemes require cryptographic handshakes to be
- completed before data traffic can flow, either using
- pre-shared keys or secrets, or more complex schemes that
- involve backend services such as
- <acronym>RADIUS</acronym>.
- Open authentication is the default
- setting. The next most common setup is
- <acronym>WPA-PSK</acronym>, also
- known
- as <acronym>WPA</acronym> Personal, which is described
- in <xref
+ common scheme, open authentication, allows any station
+ to join the network and communicate. This is the
+ authentication to use for test purposes the first time
+ a wireless network is setup. Other schemes require
+ cryptographic handshakes to be completed before data
+ traffic can flow, either using pre-shared keys or
+ secrets, or more complex schemes that involve backend
+ services such as <acronym>RADIUS</acronym>. Open
+ authentication is the default setting. The next most
+ common setup is <acronym>WPA-PSK</acronym>, also
+ known as <acronym>WPA</acronym> Personal, which is
+ described in <xref
linkend="network-wireless-wpa-wpa-psk"/>.</para>
<note>
<para>If using an &apple; &airport; Extreme base
- station for an access point,
- shared-key authentication together with a
- <acronym>WEP</acronym> key needs to be configured.
- This can be configured in
+ station for an access point, shared-key authentication
+ together with a <acronym>WEP</acronym> key needs to
+ be configured. This can be configured in
<filename>/etc/rc.conf</filename> or by using
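Review bot: "the first time a wireless network is setup" should read "is set up" (verb form). As a style point, "Open authentication is the default setting" would read better directly after the sentence that introduces open authentication, rather than after the description of the pre-shared key and <acronym>RADIUS</acronym> schemes.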
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***