System Administration Guide: IP Services

How to Monitor the WiFi Link

This procedure shows how to monitor the status of a WiFi link through standard networking tools, and change link properties through the linkprop subcommand.

Assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, "Working With the Solaris Management Console (Tasks)," in System Administration Guide: Basic Administration.
Connect to the WiFi network, as described in How to Connect to a WiFi Network.

View the properties of the link.

Use the following syntax:

# dladm show-linkprop interface

For example, you would use the following syntax to show the status of the connection established over the ath0 link:

# dladm show-linkprop ath0
PROPERTY        VALUE           DEFAULT         POSSIBLE
channel         5               --              -- 
powermode       off             off             off,fast,max
radio           ?               on              on,off 
speed           36               --              1,2,5.5,6,9,11,12,18,24,36,48,54

Set a fixed speed for the link.
Caution - The Solaris OS automatically chooses the optimal speed for the WiFi connection. Modifying the initial speed of the link might cause reduced performance or prevent the establishment of certain WiFi connections.
You can modify the link speed to one of the possible values for speed that is listed in the show-linkprop output.
# dladm set-linkprop -p speed=value link

Check the packet flow over the link.

# netstat -I ath0 -i 5
   input   ath0      output       input  (Total)    output
packets errs  packets errs  colls  packets errs  packets errs  colls
317     0     106     0     0      2905    0     571     0     0
14      0     0       0     0      20      0     0       0     0
7       0     0       0     0      16      0     1       0     0
5       0     0       0     0      9       0     0       0     0
304     0     10      0     0      631     0     316     0     0
338     0     9       0     0      722     0     381     0     0
294     0     7       0     0      670     0     371     0     0
306     0     5       0     0      649     0     338     0     0
289     0     5       0     0      597     0     301     0     0

Example 6-9 Set the Speed of a Link

This example shows how to set the speed of a link after you have connected to a WiFi network

# dladm show-linkprop -p speed ath0
PROPERTY        VALUE           DEFAULT         POSSIBLE
speed           24               --              1,2,5,6,9,11,12,18,24,36,48,54
# dladm set-linkprop -p speed=36 ath0

# dladm show-linkprop -p speed ath0
PROPERTY        VALUE           DEFAULT         POSSIBLE
speed           36               --              1,2,5,6,9,11,12,18,24,36,48,54

WiFi Networks and Security

Radio wave technology makes WiFi networks readily available and often freely accessible to users in many locations. As a result, connecting to a WiFi network can be an insecure undertaking. However, certain types of WiFi connections are more secure:

Connecting to a private, restricted-access WiFi network

Private networks, such as internal networks established by corporations or universities, restrict access to their networks to users who can provide the correct security challenge. Potential users must supply a key during the connection sequence or log in to the network through a secure VPN.
Encrypting your connection to the WiFi network

You can encrypt communications between your system and a WiFi network by using a secure key. Your access point to the WiFi network must be a router in your home or office with a secure key-generating feature. Your system and the router establish and then share the key before creating the secure connection.

The dladm command can use a Wired Equivalent Privacy (WEP) key for encrypting connections through the access point. The WEP protocol is defined in IEEE 802.11 specifications for wireless connections. For complete details on the WEP-related options of the dladm command, refer to the dladm(1M) man page.

How to Set Up an Encrypted WiFi Network Connection

The next procedure shows how to set up secure communications between a system and a router in the home. Many wireless and wired routers for the home have an encryption feature that can generate a secure key. This procedure assumes that you use such a router and have its documentation available. The procedure also assumes that your system is already plugged into the router.

Start the software for configuring the home router.
Refer to the manufacturer's documentation for instructions. Router manufacturers typically offer an internal web site or a graphical user interface for router configuration.
Generate the value for the WEP key.
Follow the manufacturer's instructions for creating a secure key for the router. The router configuration GUI might ask you to supply a passphrase of your choice for the key. The software then uses the passphrase to generate a hexadecimal string, typically 5 bytes or 13 bytes in length. This string becomes the value to be used for the WEP key.
Apply and save the key configuration.
Refer to the manufacturer's documentation for instructions.
Assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, "Working With the Solaris Management Console (Tasks)," in System Administration Guide: Basic Administration.
Create a secure object that contains the WEP key.
Open a terminal window on the system and type the following:
# dladm create-secobj -c wep keyname
where keyname represents the name you want to give to the key.
Supply the value for the WEP key to the secure object.
The create-secobj subcommand then runs a script that requests the value for the key.
provide value for keyname: 5 or 13 byte key confirm value for keyname: retype key
This value is the key that was generated by the router. The script accepts either a five byte or thirteen byte string, in ASCII or in hexadecimal for the key value.
View the contents of the key that you just created.
# dladm show-secobj OBJECT CLASS keyname wep
where keyname is the name for the secure object.

Make an encrypted connection to the WiFi network.

# dladm connect-wifi -e network -k keyname interface

Verify that the connection is secure.

# dladm show-wifi
LINK       STATUS        ESSID         SEC     STRENGTH   MODE   SPEED
ath0       connected     net1          wep     good       g      11Mb

The wep value under the SEC heading indicates that WEP encryption is in place for the connection.

Example 6-10 Setting Up Encrypted WiFi Communications

This example assumes that you have already done the following:

Connected your system to a home router that can create a WEP key
Followed the router manufacturer's documentation and created the WEP key
Saved the key so that you can use it to create the secure object on your system

# dladm create-secobj -c wep mykey
provide value for mykey: *****
confirm value for mkey: *****

When you supply the WEP key generated that is by the router, asterisks mask the value that you type.

# dladm show-secobj
OBJECT               CLASS
 mykey               wep
# dladm connect-wifi -e citinet -k mykey ath0

This command establishes an encrypted connection to the WiFi network citinet, using the secure object mykey.

# dladm show-wifi
LINK       STATUS        ESSID         SEC     STRENGTH   MODE   SPEED
ath0       connected     citinet       wep     good       g      36Mb

This output verifies that you are connected to citinet through WEP encryption.