MAN page from openSUSE Tumbleweed wicked-0.6.45-1.1.x86_64.rpm
Section: Network configuration (5)
Updated: January 2014Index
ifcfg-wireless - wireless LAN network interface configuration
Wireless networks need some additional configuration data compared to ethernetones. Therefore additional variables for ifcfg files were introduced.Some wireless variables are not applicable to a single wireless network but areglobal to the interface. The description of the variable points this out.
- Mandatory options:
- Set the SSID/ESSID (or Network Name - in some products it may also calledDomain ID). The ESSID is used to identify cells which are part of the samevirtual network. If emtpy or set to any the node will connect to theAccess Point with the best signal strength around (in managed operatingmode). For WLANs that make use of WPA (see WIRELESS_AUTH_MODE below)you need to set your ESSID.
- Global wireless options:
- Defines which SSID scan mode should be used. Mode 0 means the driverperforms the scan. Mode 1 means wpa_supplicant takes care of scanning. Mode2 is basically the same as mode 0 but the access point gets chosen bysecurity policy and SSID. This mode does not support multiple networksettings. Default is "1" for most drivers. Try "0" or "2" if you haveproblems associating to your access point. This variable can have nosuffix. This is only used in conjuntion with wpa_supplicant.
- This variable allows to override the wpa driver name that should be usedby the wpa_supplicant. In most cases "nl80211" (default on openSUSE 11.3)or "wext" (old default) can be used, but there are few exceptions.
The new "nl80211" wpa driver supports wireless regulatory domain, thatcan be set in /etc/sysconfig/network/config, WIRELESS_REGULATORY_DOMAINvariable (global).
- Wireless network configuration options:
- Sets authentication mode. The mode depends on the protection technologybeing used, WEP or WPA. WEP (Wired Equivalent Privacy) is a system toencrypt wireless network traffic, with an optional authentication on thebasis of the used encryption key. In most cases where WEP is used, openmode (no authentication at all) is fine. This does not mean that you cannot use WEP encryption. Some networks may require sharedkey authentication.
NOTE: Shared key authentication makes it easier for a potential attacker tobreak into your network. Unless you have specific needs for shared keyauthentication, use the open mode. As WEP has been proved insecure, WPA(Wi-Fi Protected Access) was defined to close its security wholes, but notevery hardware supports WPA. In case you want to use WPA-PSK (WPA presharedkey authentication, aka WPA "Home"), set this to psk. In case you wantto use WPA-EAP (WPA with Extensible Authentication Protocol, aka WPA"Enterprise"), set this to eap. WPA authentication modes are onlypossible when WIRELESS_MODE is set to managed.
- Set the operating mode of the device, which depends on the network topology.Set to ad-hoc for network composed of only one cell and without AccessPoint, managed for network composed of many cells, with roaming or with anAccess Point, master if you want your system act as an Access Point orsynchronisation master. If unset, managed will be used.
- In environments with multiple Access points you may want to define the oneto connect to by entering its MAC address. Format is 6x2 hex digits,separated by colons, eg 01:02:03:04:05:06.See also the iwconfig ap option description in the iwconfig(8) manual page.
Note, that some drivers (mac80211 based) may require to set this variableto a specific access point address, 'any' or 'off' to start scanning foran appropriate cell, so ifup-wireless sets it to 'any' in Managed andAd-Hoc modes when the variable is empty.
- This variable only makes sense used in conjunction with multiplenetworks. If you want to prefer one configured network for over another, setthe respecitve WIRELESS_PRIORITY variable (means, with the same suffix) to ahigher value (integer only). NOTE: This does not work for networks that areconfigured with WIRELESS_HIDDEN_SSID="yes" (which is default). For networkswith hidden SSID scanning support the suffix number is important. Thenetwork with the lowest suffix number gets probed first.
- With this variable you can define the channel being used. This is onlyapplicable to ad-hoc and master operating modes. Channels are usuallynumbered starting at 1, and you may use iwpriv(8) to get the total number ofchannels and list the available frequencies. Depending on regulations, somefrequencies/channels may not be available.
- You can define up to 4 WEP encryption keys. You can use WEP with open andsharedkey authentication. The key can be entered in different formats:Either directly in hex digits, with or without dashes, or in the key's ASCIIrepresentation (prefix s: ), or as a passphrase which will be hashed (prefixh: ). The amount of hex digits resp. length of the ASCII key depends on thekey size being used: 10 hex digits or 5 ASCII characters for 64 bit keys, 26hex digits or 6 to 13 ASCII characters for 128 bit keys (seeWIRELESS_KEY_LENGTH below). Examples:
You can also use 1, 2, or 3 as suffix for multiple key settings. Thisis usually not necessary. Leave empty if you do not want WEP.
- Sets the default WEP key. The default key is used to encrypt outgoingpackets, incoming ones are decrypted with the key number specified in thepacket. This defaults to 0.
- Defines the length in bits for all keys used. There are currently 40 and 104bit keys supported. Sometimes they are also called 64 resp. 128 bits(depends on whether you count the 24 bit initialization vetor or not).This variable is only meaningful if you enter the key as passphrase.
- Using this variable you can specify the WPA protocol to be used.Valid values are WPA and RSN (aka WPA2, can be also used as synonym).Default is to allow both. When using WIRELESS_AP_SCANMODE 2, thisvariable needs to be set, otherwise WPA will be used as fallback.
- When using WPA-PSK authentication, you need to specify your preshared keyhere. The key is used for authentication and encryption purposes. You canenter it in hex digits (needs to be exactly 64 digits long) or as passphrasegetting hashed (8 to 63 ASCII characters long).
- WPA modes support two different encryption systems, TKIP andCCMP. This variable defines which to use for unicast communication.Default is to allow both. In case you want to restrict it to oneprotocol, set this variable. When using WIRELESS_AP_SCANMODE 2, thisvariable needs to be set, otherwise TKIP will be used as fallback.
- WPA modes support two different encryption systems, TKIP andCCMP. This variable defines which to use for broad-/multicastcommunication. Default is to allow both. In case you want torestrict it to one protocol, set this variable. When usingWIRELESS_AP_SCANMODE 2, this variable needs to be set, otherwiseTKIP will be used as fallback.
- WPA-EAP can use different outer authentication (i.e. TLS tunnel) methods.Supported value is PEAP (TLS and TTLS not fully implemented yet.Default is to allow subset TTLS PEAP TLS.
- WPA-EAP can use different inner authentication with TLS tunnel methods.Supported values are PAP, CHAP, MSCHAP, MSCHAPv2. Default is to allow any.
- Needs to be set in conjunction with WPA-EAP. Set to your identity asconfigured on the RADIUS server.
- Needs to be set in conjunction with WPA-EAP. Set to your password asconfigured on the RADIUS server.
- Sets anonymous identity. Default is "anonymous". The anonymous identity isused with WPA-EAP protocols that support different tunnelled identities(e.g., TTLS).
- When using WPA-EAP with PEAP authentication, you can usethis variable to force which PEAP version (0 or 1) to be used.Default is to allow both.
- When set to 1 the new label: "client PEAP encryption" can be enforcedto be used during key derivation with version PEAPv1 or newer. Most existingPEAPv1 implementation tend to use the old label, "client EAP encryption",which is the default value for wpa_supplicant.Default value is 0.
- Defines whether hidden SSID scan support should be enabled. Setting this to"no" can speed up scanning and makes the usage of WIRELESS_PRIORITYpossible. This is only used in conjunction with wpa_supplicant.
- Fragmentation allow to split a IP packet in a burst of smaller fragmentstransmitted on the medium. In most cases this adds overhead, but in verynoisy environment this reduce the error penalty. Possible values: anyinteger (representing the maximum fragment size), auto, fixed, or off.
Some examples of different configuration types supported at the moment:
- Common parameters
BOOTPROTO='dhcp' NAME='PRO/Wireless 4965 AG or AGN [Kedron] Network Connection' STARTMODE='auto'
- Global wireless parameters
- WPA-EAP network configuration
WIRELESS_AUTH_MODE='eap' WIRELESS_EAP_MODE='PEAP' WIRELESS_EAP_AUTH='mschapv2' WIRELESS_ESSID='example_ssid' WIRELESS_MODE='Managed' WIRELESS_PEAP_VERSION='' WIRELESS_WPA_ANONID='' WIRELESS_WPA_IDENTITY='' WIRELESS_WPA_PASSWORD='example_passwd'
- WPA-PSK network configuration
WIRELESS_AP='00:11:22:33:44:55' WIRELESS_AUTH_MODE='psk' WIRELESS_CHANNEL='11' WIRELESS_ESSID='example_ssid' WIRELESS_MODE='Managed' WIRELESS_WPA_PSK='example_passwd'
- WEP network configuration
WIRELESS_AUTH_MODE='shared' WIRELESS_DEFAULT_KEY='2' WIRELESS_ESSID='example_ssid' WIRELESS_KEY_0="0-1-2-3-4-5-6-7-8-9-10-11-12-13-14-15-16-17-18-19-20-21-22-23-24-25" WIRELESS_KEY_1="s:password" WIRELESS_KEY_LENGTH='128' WIRELESS_MODE='Managed'
- Open network configuration
Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
Please report bugs at <https://bugzilla.novell.com/index.cgi
Joachim Gleissner -- original wireless man pagePawel Wieczorkiewicz -- wicked wireless
- SEE ALSO
This document was created byman2html,using the manual pages.