View | Details | Raw Unified | Return to bug 160269

(-)en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml (-41 / +41 lines)
Lines 1225-1231 Link Here
1225
	    the 802.1X authentication protocol and uses one of several
1225
	    the 802.1X authentication protocol and uses one of several
1226
	    ciphers instead of WEP for data integrity.  The only
1226
	    ciphers instead of WEP for data integrity.  The only
1227
	    cipher required by WPA is TKIP (Temporary Key Integrity
1227
	    cipher required by WPA is TKIP (Temporary Key Integrity
1228
	    Protocol) which is a cipher that extends the basic RC4
1228
	    Protocol).  TKIP is a cipher that extends the basic RC4
1229
	    cipher used by WEP by adding integrity checking, tamper
1229
	    cipher used by WEP by adding integrity checking, tamper
1230
	    detection, and measures for responding to any detected
1230
	    detection, and measures for responding to any detected
1231
	    intrusions.  TKIP is designed to work on legacy hardware
1231
	    intrusions.  TKIP is designed to work on legacy hardware
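Review bot: the expansion at 1227-1228 stays wrong after this rewrite: TKIP stands for Temporal Key Integrity Protocol, not "Temporary Key Integrity Protocol". Since the hunk already re-splits that sentence, correct the expansion in the same change: "cipher required by WPA is TKIP (Temporal Key Integrity Protocol).  TKIP is a cipher that extends..."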
Lines 1243-1249 Link Here
1243
	    station and the access point using a pre-shared secret.
1243
	    station and the access point using a pre-shared secret.
1244
	    The former is commonly termed WPA Enterprise with the
1244
	    The former is commonly termed WPA Enterprise with the
1245
	    latter known as WPA Personal.  Since most people will not
1245
	    latter known as WPA Personal.  Since most people will not
1246
	    set up a RADIUS backend server for wireless network,
1246
	    set up a RADIUS backend server for their wireless network,
1247
	    WPA-PSK is by far the most commonly encountered
1247
	    WPA-PSK is by far the most commonly encountered
1248
	    configuration for WPA.</para>
1248
	    configuration for WPA.</para>
1249
1249
Lines 1258-1264 Link Here
1258
	  <sect5 id="network-wireless-wpa-wpa-psk">
1258
	  <sect5 id="network-wireless-wpa-wpa-psk">
1259
	    <title>WPA-PSK</title>
1259
	    <title>WPA-PSK</title>
1260
1260
1261
	    <para>WPA-PSK also known as WPA-Personal is based on a
1261
	    <para>WPA-PSK, also known as WPA-Personal, is based on a
1262
	      pre-shared key (PSK) generated from a given password and
1262
	      pre-shared key (PSK) generated from a given password and
1263
	      that will be used as the master key in the wireless
1263
	      that will be used as the master key in the wireless
1264
	      network.  This means every wireless user will share the
1264
	      network.  This means every wireless user will share the
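Review bot: 1261-1263 still reads "generated from a given password and that will be used as the master key"; the stray "and" leaves the relative clause dangling. Suggest "pre-shared key (PSK) generated from a given password, which will be used as the master key in the wireless network."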
Lines 1289-1295 Link Here
1289
	    <programlisting>wlans_ath0="wlan0"
1289
	    <programlisting>wlans_ath0="wlan0"
1290
ifconfig_wlan0="WPA DHCP"</programlisting>
1290
ifconfig_wlan0="WPA DHCP"</programlisting>
1291
1291
1292
	    <para>Then, we can bring up the interface:</para>
1292
	    <para>Then we can bring up the interface:</para>
1293
1293
1294
	    <screen>&prompt.root; <userinput><filename>/etc/rc.d/netif</filename> start</userinput>
1294
	    <screen>&prompt.root; <userinput><filename>/etc/rc.d/netif</filename> start</userinput>
1295
Starting wpa_supplicant.
1295
Starting wpa_supplicant.
Lines 1342-1357 Link Here
1342
      wme burst roaming MANUAL</screen>
1342
      wme burst roaming MANUAL</screen>
1343
1343
1344
	    <note>
1344
	    <note>
1345
	      <para>If the <filename>/etc/rc.conf</filename> is set up
1345
	      <para>If <filename>/etc/rc.conf</filename> is set up
1346
		with the line <literal>ifconfig_wlan0="DHCP"</literal>
1346
		with the line <literal>ifconfig_wlan0="DHCP"</literal>
1347
		then it is no need to run the
1347
		then it is not necessary to run the
1348
		<command>dhclient</command> command manually,
1348
		<command>dhclient</command> command manually.
1349
		<command>dhclient</command> will be launched after
1349
		<command>dhclient</command> will be launched after
1350
		<command>wpa_supplicant</command> plumbs the
1350
		<command>wpa_supplicant</command> plumbs the
1351
		keys.</para>
1351
		keys.</para>
1352
	    </note>
1352
	    </note>
1353
1353
1354
	    <para>In the case where the use of DHCP is not possible,
1354
	    <para>If DHCP is not possible or desired,
1355
	      you can set a static IP address after
1355
	      you can set a static IP address after
1356
	      <command>wpa_supplicant</command> has authenticated the
1356
	      <command>wpa_supplicant</command> has authenticated the
1357
	      station:</para>
1357
	      station:</para>
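Review bot: the new wording at 1354, "If DHCP is not possible or desired," can be read as "if DHCP is desired". Make the negation explicit: "If DHCP is not possible or not desired," or "If you cannot or do not want to use DHCP,".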
Lines 1370-1376 Link Here
1370
      wme burst roaming MANUAL</screen>
1370
      wme burst roaming MANUAL</screen>
1371
1371
1372
	    <para>When DHCP is not used, you also have to manually set
1372
	    <para>When DHCP is not used, you also have to manually set
1373
	      up the default gateway and the nameserver:</para>
1373
	      the default gateway and the nameserver:</para>
1374
1374
1375
	    <screen>&prompt.root; <userinput>route add default <replaceable>your_default_router</replaceable></userinput>
1375
	    <screen>&prompt.root; <userinput>route add default <replaceable>your_default_router</replaceable></userinput>
1376
&prompt.root; <userinput>echo "nameserver <replaceable>your_DNS_server</replaceable>" &gt;&gt; /etc/resolv.conf</userinput></screen>
1376
&prompt.root; <userinput>echo "nameserver <replaceable>your_DNS_server</replaceable>" &gt;&gt; /etc/resolv.conf</userinput></screen>
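Review bot: 1376 is left unchanged, but `echo "nameserver ..." >> /etc/resolv.conf` appends on every run, so repeating the step after each reconnect accumulates duplicate nameserver lines. Worth a short sentence saying the command appends, or pointing the reader at editing /etc/resolv.conf instead.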
Lines 1380-1395 Link Here
1380
	    <title>WPA with EAP-TLS</title>
1380
	    <title>WPA with EAP-TLS</title>
1381
1381
1382
	    <para>The second way to use WPA is with an 802.1X backend
1382
	    <para>The second way to use WPA is with an 802.1X backend
1383
	      authentication server, in this case WPA is called
1383
	      authentication server.  In this case WPA is called
1384
	      WPA-Enterprise to make difference with the less secure
1384
	      WPA-Enterprise to differentiate it from the less secure
1385
	      WPA-Personal with its pre-shared key.  The
1385
	      WPA-Personal with its pre-shared key.
1386
	      authentication in WPA-Enterprise is based on EAP
1386
	      Authentication in WPA-Enterprise is based on EAP
1387
	      (Extensible Authentication Protocol).</para>
1387
	      (Extensible Authentication Protocol).</para>
1388
1388
1389
	    <para>EAP does not come with an encryption method, it was
1389
	    <para>EAP does not come with an encryption method, it was
1390
	      decided to embed EAP inside an encrypted tunnel.  Many
1390
	      decided to embed EAP inside an encrypted tunnel.  Many
1391
	      types of EAP authentication methods have been designed,
1391
	      types of EAP authentication methods have been designed.
1392
	      the most common methods are EAP-TLS, EAP-TTLS and
1392
	      The most common methods are EAP-TLS, EAP-TTLS and
1393
	      EAP-PEAP.</para>
1393
	      EAP-PEAP.</para>
1394
1394
1395
	    <para>EAP-TLS (EAP with Transport Layer Security) is a
1395
	    <para>EAP-TLS (EAP with Transport Layer Security) is a
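Review bot: 1389-1390 keeps a comma splice ("EAP does not come with an encryption method, it was decided to embed EAP inside an encrypted tunnel") while the hunk fixes the identical problem at 1391-1392. Suggest "Because EAP does not come with an encryption method, it was decided to embed EAP inside an encrypted tunnel." so both sentences get the same treatment.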
Lines 1555-1561 Link Here
1555
	      <callout arearefs="co-ttls-cacert">
1555
	      <callout arearefs="co-ttls-cacert">
1556
		<para>The <literal>ca_cert</literal> field indicates
1556
		<para>The <literal>ca_cert</literal> field indicates
1557
		  the pathname of the CA certificate file.  This file
1557
		  the pathname of the CA certificate file.  This file
1558
		  is needed to verify the server certificat.</para>
1558
		  is needed to verify the server certificate.</para>
1559
	      </callout>
1559
	      </callout>
1560
1560
1561
	      <callout arearefs="co-ttls-pha2">
1561
	      <callout arearefs="co-ttls-pha2">
Lines 1599-1608 Link Here
1599
1599
1600
	    <para>PEAP (Protected EAP) has been designed as an
1600
	    <para>PEAP (Protected EAP) has been designed as an
1601
	      alternative to EAP-TTLS.  There are two types of PEAP
1601
	      alternative to EAP-TTLS.  There are two types of PEAP
1602
	      methods, the most common one is PEAPv0/EAP-MSCHAPv2.  In
1602
	      methods; the most common one is PEAPv0/EAP-MSCHAPv2.  In
1603
	      the rest of this document, we will use the PEAP term to
1603
	      the rest of this document, we will use the PEAP term to
1604
	      refer to that EAP method.  PEAP is the most used EAP
1604
	      refer to that EAP method.  PEAP is the most used EAP
1605
	      standard after EAP-TLS, in other words if you have a
1605
	      standard after EAP-TLS.  In other words, if you have a
1606
	      network with mixed OSes, PEAP should be the most
1606
	      network with mixed OSes, PEAP should be the most
1607
	      supported standard after EAP-TLS.</para>
1607
	      supported standard after EAP-TLS.</para>
1608
1608
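Review bot: 1603-1604, "we will use the PEAP term to refer to that EAP method", reads more naturally as "we will use the term PEAP to refer to that EAP method". Minor style point, but the hunk already touches the neighbouring sentences.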
Lines 1610-1618 Link Here
1610
	      certificate to authenticate clients by creating an
1610
	      certificate to authenticate clients by creating an
1611
	      encrypted TLS tunnel between the client and the
1611
	      encrypted TLS tunnel between the client and the
1612
	      authentication server, which protects the ensuing
1612
	      authentication server, which protects the ensuing
1613
	      exchange of authentication information.  In term of
1613
	      exchange of authentication information.  In terms of
1614
	      security the difference between EAP-TTLS and PEAP is
1614
	      security the difference between EAP-TTLS and PEAP is
1615
	      that PEAP authentication broadcasts the username in
1615
	      that PEAP authentication broadcasts the username in the
1616
	      clear, only the password is sent in the encrypted TLS
1616
	      clear, only the password is sent in the encrypted TLS
1617
	      tunnel.  EAP-TTLS will use the TLS tunnel for both
1617
	      tunnel.  EAP-TTLS will use the TLS tunnel for both
1618
	      username and password.</para>
1618
	      username and password.</para>
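Review bot: 1615-1616 still has a comma splice and an imprecise verb: "PEAP authentication broadcasts the username in the clear, only the password is sent in the encrypted TLS tunnel". The outer EAP identity is sent unencrypted to the authentication server, not broadcast. Suggest "PEAP sends the username in the clear; only the password is sent inside the encrypted TLS tunnel." This is the security-relevant difference the paragraph is making, so it deserves precise wording.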
Lines 1661-1667 Link Here
1661
		  first phase of the authentication (the TLS
1661
		  first phase of the authentication (the TLS
1662
		  tunnel).  According to the authentication server
1662
		  tunnel).  According to the authentication server
1663
		  used, you will have to specify a specific label
1663
		  used, you will have to specify a specific label
1664
		  for the authentication.  Most of time, the label
1664
		  for the authentication.  Most of the time, the label
1665
		  will be <quote>client EAP encryption</quote> which
1665
		  will be <quote>client EAP encryption</quote> which
1666
		  is set by using <literal>peaplabel=0</literal>.
1666
		  is set by using <literal>peaplabel=0</literal>.
1667
		  More information can be found in the
1667
		  More information can be found in the
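Review bot: 1662-1663, "According to the authentication server used, you will have to specify a specific label", should use "Depending on" rather than "According to", and "specify a specific" is redundant. Suggest "Depending on the authentication server used, you will have to specify a particular label for the authentication."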
Lines 1682-1688 Link Here
1682
	    <programlisting>wlans_ath0="wlan0"
1682
	    <programlisting>wlans_ath0="wlan0"
1683
ifconfig_wlan0="WPA DHCP"</programlisting>
1683
ifconfig_wlan0="WPA DHCP"</programlisting>
1684
1684
1685
	    <para>Then, we can bring up the interface:</para>
1685
	    <para>Then we can bring up the interface:</para>
1686
1686
1687
	    <screen>&prompt.root; <userinput>/etc/rc.d/netif start</userinput>
1687
	    <screen>&prompt.root; <userinput>/etc/rc.d/netif start</userinput>
1688
Starting wpa_supplicant.
1688
Starting wpa_supplicant.
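Review bot: 1687 has <userinput>/etc/rc.d/netif start</userinput>, while the same command at 1294 in the WPA-PSK section is marked up as <userinput><filename>/etc/rc.d/netif</filename> start</userinput>. The patch touches both places; pick one markup and use it in both.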
Lines 1709-1715 Link Here
1709
1709
1710
	  <para>WEP (Wired Equivalent Privacy) is part of the original
1710
	  <para>WEP (Wired Equivalent Privacy) is part of the original
1711
	    802.11 standard.  There is no authentication mechanism,
1711
	    802.11 standard.  There is no authentication mechanism,
1712
	    only a weak form of access control, and it is easily to be
1712
	    only a weak form of access control, and it is easily
1713
	    cracked.</para>
1713
	    cracked.</para>
1714
1714
1715
	  <para>WEP can be set up with
1715
	  <para>WEP can be set up with
Lines 1724-1741 Link Here
1724
	      <para>The <literal>weptxkey</literal> means which WEP
1724
	      <para>The <literal>weptxkey</literal> means which WEP
1725
		key will be used in the transmission.  Here we used the
1725
		key will be used in the transmission.  Here we used the
1726
		third key.  This must match the setting in the access
1726
		third key.  This must match the setting in the access
1727
		point.  If you do not have any idea of what is the key
1727
		point.  If you do not have any idea of which key is
1728
		used by the access point, you should try to use
1728
		used by the access point, try
1729
		<literal>1</literal> (i.e., the first key) for this
1729
		<literal>1</literal> (i.e., the first key) for this
1730
		value.</para>
1730
		value.</para>
1731
	    </listitem>
1731
	    </listitem>
1732
1732
1733
	    <listitem>
1733
	    <listitem>
1734
	      <para>The <literal>wepkey</literal> means setting the
1734
	      <para>The <literal>wepkey</literal> selects one of the
1735
		selected WEP key.  It should in the format
1735
		WEP keys.  It should be in the format
1736
		<replaceable>index:key</replaceable>, if the index is
1736
		<replaceable>index:key</replaceable>.  Key
1737
		not given, key <literal>1</literal> is set.  That is
1737
		<literal>1</literal> is used by default; the index
1738
		to say we need to set the index if we use keys other
1738
		only needs to be set if we use a key other
1739
		than the first key.</para>
1739
		than the first key.</para>
1740
1740
1741
	      <note>
1741
	      <note>
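Review bot: the rewrite at 1734-1735 changes the meaning. "The wepkey selects one of the WEP keys" describes what weptxkey does (1724-1725 say weptxkey chooses which key is used in the transmission), whereas wepkey sets the key material at a given index. Suggest "The wepkey sets a WEP key.  It should be in the format index:key." and keep the rest of the new wording about key 1 being the default.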
Lines 1746-1752 Link Here
1746
	    </listitem>
1746
	    </listitem>
1747
	  </itemizedlist>
1747
	  </itemizedlist>
1748
1748
1749
	  <para>You are encouraged to read &man.ifconfig.8; manual
1749
	  <para>You are encouraged to read the &man.ifconfig.8; manual
1750
	    page for further information.</para>
1750
	    page for further information.</para>
1751
1751
1752
	  <para>The <command>wpa_supplicant</command> facility also
1752
	  <para>The <command>wpa_supplicant</command> facility also
Lines 1777-1783 Link Here
1777
      <para>IBSS mode, also called ad-hoc mode, is designed for point
1777
      <para>IBSS mode, also called ad-hoc mode, is designed for point
1778
	to point connections.  For example, to establish an ad-hoc
1778
	to point connections.  For example, to establish an ad-hoc
1779
	network between the machine <hostid>A</hostid> and the machine
1779
	network between the machine <hostid>A</hostid> and the machine
1780
	<hostid>B</hostid> we will just need to choose two IP addresses
1780
	<hostid>B</hostid>, we will just need to choose two IP addresses
1781
	and a SSID.</para>
1781
	and a SSID.</para>
1782
1782
1783
      <para>On the box <hostid>A</hostid>:</para>
1783
      <para>On the box <hostid>A</hostid>:</para>
Lines 1822-1828 Link Here
1822
	  protmode CTS wme burst</screen>
1822
	  protmode CTS wme burst</screen>
1823
1823
1824
	  <para>Both <hostid>A</hostid> and <hostid>B</hostid> are now
1824
	  <para>Both <hostid>A</hostid> and <hostid>B</hostid> are now
1825
	    ready to exchange informations.</para>
1825
	    ready to exchange information.</para>
1826
    </sect2>
1826
    </sect2>
1827
1827
1828
    <sect2 id="network-wireless-ap">
1828
    <sect2 id="network-wireless-ap">
Lines 1839-1857 Link Here
1839
	<para>Before configuring your &os; machine as an AP, the
1839
	<para>Before configuring your &os; machine as an AP, the
1840
	  kernel must be configured with the appropriate wireless
1840
	  kernel must be configured with the appropriate wireless
1841
	  networking support for your wireless card.  You also have to
1841
	  networking support for your wireless card.  You also have to
1842
	  add the support for the security protocols you intend to
1842
	  add support for the security protocols you intend to
1843
	  use.  For more details, see <xref
1843
	  use.  For more details, see <xref
1844
	  linkend="network-wireless-basic">.</para>
1844
	  linkend="network-wireless-basic">.</para>
1845
1845
1846
	<note>
1846
	<note>
1847
	  <para>The use of the NDIS driver wrapper and the &windows;
1847
	  <para>The use of the NDIS driver wrapper and the &windows;
1848
	    drivers do not allow currently the AP operation.  Only
1848
	    drivers do not currently allow AP operation.  Only
1849
	    native &os; wireless drivers support AP mode.</para>
1849
	    native &os; wireless drivers support AP mode.</para>
1850
	</note>
1850
	</note>
1851
1851
1852
	<para>Once the wireless networking support is loaded, you can
1852
	<para>Once wireless networking support is loaded, you can
1853
	  check if your wireless device supports the host-based access
1853
	  check if your wireless device supports the host-based access
1854
	  point mode (also know as hostap mode):</para>
1854
	  point mode (also known as hostap mode):</para>
1855
1855
1856
	<screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> create wlandev <replaceable>ath0</replaceable></userinput>
1856
	<screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> create wlandev <replaceable>ath0</replaceable></userinput>
1857
&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> list caps</userinput>
1857
&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> list caps</userinput>
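Review bot: 1847-1848 still has a subject-verb agreement error after the reordering: "The use of the NDIS driver wrapper and the &windows; drivers do not currently allow AP operation". The subject is "The use", so either change to "does not currently allow" or drop "The use of" and keep "do not".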
Lines 1861-1868 Link Here
1861
	<para>This output displays the card capabilities; the
1861
	<para>This output displays the card capabilities; the
1862
	  <literal>HOSTAP</literal> word confirms this wireless card
1862
	  <literal>HOSTAP</literal> word confirms this wireless card
1863
	  can act as an Access Point.  Various supported ciphers are
1863
	  can act as an Access Point.  Various supported ciphers are
1864
	  also mentioned: WEP, TKIP, AES, etc., these informations
1864
	  also mentioned: WEP, TKIP, AES, etc., this information
1865
	  are important to know what security protocols could be set
1865
	  is important to know what security protocols could be set
1866
	  on the Access Point.</para>
1866
	  on the Access Point.</para>
1867
1867
1868
	<para>The wireless device can only be put into hostap mode
1868
	<para>The wireless device can only be put into hostap mode
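Review bot: 1864-1865 now reads "this information is important to know what security protocols could be set on the Access Point", which is still awkward. Suggest "this information tells which security protocols can be set up on the Access Point." The hunk already changes 1864, so no extra line needs to be touched.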
Lines 1877-1883 Link Here
1877
	<screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> create wlandev <replaceable>ath0</replaceable> wlanmode hostap</userinput>
1877
	<screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> create wlandev <replaceable>ath0</replaceable> wlanmode hostap</userinput>
1878
&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable> ssid <replaceable>freebsdap</replaceable> mode 11g channel 1</userinput></screen>
1878
&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable> ssid <replaceable>freebsdap</replaceable> mode 11g channel 1</userinput></screen>
1879
1879
1880
	<para>Use again <command>ifconfig</command> to see the status
1880
	<para>Use <command>ifconfig</command> again to see the status
1881
	  of the <devicename>wlan0</devicename> interface:</para>
1881
	  of the <devicename>wlan0</devicename> interface:</para>
1882
1882
1883
	<screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable></userinput>
1883
	<screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable></userinput>
Lines 2150-2156 Link Here
2150
      <para>On &os;, it is possible to combine two or even more network
2150
      <para>On &os;, it is possible to combine two or even more network
2151
	interfaces together in a <quote>failover</quote> fashion, that
2151
	interfaces together in a <quote>failover</quote> fashion, that
2152
	is, to use the most preferred and available connection from a
2152
	is, to use the most preferred and available connection from a
2153
	group of network interfaces, and have the operating system to
2153
	group of network interfaces, and have the operating system
2154
	switch automatically when the link state changes.</para>
2154
	switch automatically when the link state changes.</para>
2155
2155
2156
      <para>We will cover link aggregation and failover in <xref linkend="network-aggregation">
2156
      <para>We will cover link aggregation and failover in <xref linkend="network-aggregation">
