set wlan
Purpose
For a Digi device with Wi-Fi capability, configures wireless settings, or displays the status of wireless devices.
Required permissions
For Digi products with two or more users, permissions must be set to set permissions s-wlan=read to display settings, and set permissions s‑wlan=rw to display and configure settings. See set permissions for details on setting user permissions for commands.
Configuring wireless settings
Following is information on how configuration choices for wireless devices, such as the authentication method, affect other configuration choices, such as encryption types and other set wlan command options.
Authentication methods and available encryption types
The following table shows the authentication methods available for wireless devices, and the encryption types that apply to each method. The Xs show the encryption types that can be used with each authentication method. At least one encryption type must be selected if a particular authentication method is selected.
| Encryption Type: | Authentication Method: | |||||
|---|---|---|---|---|---|---|
| Open | Shared Key | WEP authentication |
WPA-PSK authentication | WPA | LEAP | |
| Open |
X |
X |
|
|
|
|
| WEP |
X |
X |
X |
X |
X |
X |
| TKIP |
|
|
|
X |
X |
|
| CCMP |
|
|
|
X |
X |
|
Using “show wlan” to display authentication encryption methods
The show wlan command displays evaluation information about wireless LAN settings, including ineffective settings and a list of valid combinations. It displays whether encryption methods are specified and in use or not used by authentication methods, and whether configuration of certain options appears to be complete. For the results of show wlan, see the Examples section for show.
Authentication methods and associated data fields
The following table shows the authentication methods available for wireless devices, and the associated data fields, or command options that apply to each method. All data fields with that have an X in a particular authentication method’s column are required, except for trusted certificates, which is optional.
| Data Fields: | Authentication Method: | |||||
|---|---|---|---|---|---|---|
| Open | Shared Key | WEP authentication |
WPA-PSK | WPA authentication |
LEAP | |
| WEP keys |
X If WEP encryption is selected. |
X |
|
|
|
|
| Passphrase |
|
|
|
X |
|
|
| Authentication methods |
|
|
X |
|
X |
|
| Username, password |
|
|
X |
|
X |
X |
| Client certificate |
|
|
X If TLS is selected. |
|
X If TLS is selected. |
|
| Trusted certificates |
|
|
X |
|
X |
|
Inner and outer protocols
The following table shows relationships between outer protocols and inner protocols specified on the set wlan command. Outer protocols are the types of Extensible Authentication Protocols (EAP) that are allowed to establish the initial connection with an authentication server or access point. The outer protocols are specified by the outer_eap option. Inner protocols are the types of protocols that are allowed to authenticate the device. These protocols are used within the encrypted connection established by PEAP or TTLs. The inner protocols are specified by the inner_eap option.
| Inner Protocols: | Outer Protocols: | ||
|---|---|---|---|
| PEAP | TLS | TTLS | |
|
X |
|
|
|
|
X |
|
X |
|
|
X |
|
X |
|
|
X |
|
X |
|
|
X |
|
X |
|
|
|
|
X |
|
|
|
|
X |
|
|
MSCHAPv2 |
|
|
X |
|
|
|
X |
|
Syntax
Configure wireless settings
set wlan
[protmode={bss|ibss_create|ibss_join|any}]
[channel={0|1-14}]
[ssid=string]
[authentication={[open],[sharedkey],[wep_auth],[wpa_psk],
[wpa_auth],[leap],[any]}
[encryption={[open],[wep],[tkip],[ccmp],[any]}]
[outer_eap={[peap],[tls],[ttls],[any]}]
[inner_eap={[gtc],[tls],[md5],[mschapv2],[otp],[chap],[mschap],
[ttls_mschapv2],[pap],[any]}]
[options={[diversity],[short_preamble],[verify_cert]}]
[username=string]
[password=string]
[psk=string]
[psk_hex=hex string]
[wepmode={64bit|128bit}]
[wepindex=1-4]
[wepkeyN=hex string]]
[country=”string”]
[maxtxrate={1|2|5.5|6|9|11|12|18|24|36|48|54}] (Mbps)
[txpower={6|8|10|12|14|16}] (dBm)
Display wireless settings
set wlan
Or:
show wlan
Options
Command options authentication, encryption, outer_eap, inner_eap, and options can have multiple values
The set wlan options authentication, encryption, outer_eap, inner_eap, and options can have multiple values. More than one value may be specified for each option to indicate the set of allowed values. The actual value used is determined by the capabilities of the wireless network.
protmode={bss|ibss_create|ibss_join|any}
Used to change the operation mode in which the device works.
bss
Indicates that the device should join an access point.
ibss_create
Indicates the device will attempt to first join an Independent Basic Service Set (IBSS) or ad hoc wireless network, and create one if it is unable to find one.
ibss_join
Indicates the device should attempt to join an IBSS or ad hoc wireless network.
any
Enables all operation modes.
Typically, the operation mode is bss. The default is bss.
channel={0|1-14}
Sets the frequency channel that the wireless LAN radio uses. A value of 0 indicates that the device scans all frequencies until it finds one with an available access point or wireless network it can join. The default value is 10.
ssid=string
Used to specify the identifier of the wireless network that the device should be joined to. The default is an empty string, which indicates that the first wireless network that the device finds will be joined to.
authentication=
{[open],[sharekey],[wep_auth],[wpa_psk],[wpa_auth],[leap],[any]}
The types of authentication that are allowed to establish a connection with the access point.
open
Use the IEEE 802.11 open system authentication to establish a connection with the access point.
sharedkey
Use the IEEE 802.11 shared key authentication to establish a connection with the access point. At least one WEP key must be specified to use shared key authentication.
wep_auth
IEEE 802.1x authentication (EAP) is used to establish a connection with an authentication server or access point. Wired Equivalent Privacy (WEP) keys are dynamically generated to encrypt data over the wireless link.
wpa_psk
Use the The Wi-Fi Protected Access (WPA) protocol with a pre-shared key (PSK) that you specify to establish a connection with the access point and encrypt the wireless link.
wpa_auth
Use the The WPA protocol and IEEE 802.1x authentication (EAP) to establish a connection with an authentication server or access point. Encryption keys are dynamically generated to encrypt data over the wireless link.
leap
Use the Lightweight Extensible Authentication Protocol (LEAP) to establish a connection with an authentication server or access point. Wired Equivalent Privacy (WEP) keys are dynamically generated to encrypt the wireless link. A username and password must be specified to use leap.
any
Sets all authentication types.
encryption={[open],[wep],[tkip],[ccmp],[any]}
The types of encryption that are allowed to encrypt data transferred over the wireless link.
open
Use No encryption over the wireless link. Can be used with open and sharedkey authentication.
wep
Use Wired Equivalent Privacy (WEP) encryption over the wireless link. Can be used with open, sharedkey, wep_auth, wpa_psk, wpa_auth, and leap authentication.
tkip
Use Temporal Key Integrity Protocol (TKIP) encryption over the wireless link. This can be used with wpa_psk and wpa_auth authentication.
ccmp
Use CCMP (AES) encryption over the wireless link. Can be used with wpa_psk and wpa_auth authentication.
any
Sets all encryption types.
outer_eap={[peap],[tls],[ttls],[any]}
The types of Extensible Authentication Protocols (EAP) that are allowed to establish the initial connection with an authentication server or access point. These are used with wep_auth and wpa_auth authentication.
peap
Protected Extensible Authentication Protocol (PEAP). A username and password must be specified to use peap.
tls
Transport Layer Security (TLS). A client certificate and private key must be installed on the device to use tls.
ttls
Tunneled Transport Layer Security (TTLS). A username and password must be specified to use ttls.
any
Sets all outer and inner Extensible Authentication Protocols (EAP).
inner_eap={[gtc],[tls],[md5],[mschapv2],[otp],[chap],[mschap],
[ttls_mschapv2],[pap,[any]]}
The types of protocols that are allowed to authenticate the device. Use these within the encrypted connection established by PEAP or TTLS.
The following are Extensible Access Protocols (EAP) that can be used with PEAP or TTLS:
gtc
Generic token card.
tls
Transport Layer Security (TLS). A client certificate and private key must be installed on the device to use tls.
md5
Message Digest Algorithm (MD5).
mschapv2
Microsoft Challenge response Protocol version 2.
otp
One Time Password.
The following are non-EAP protocols that can be used with TTLS:
chap
Challenge response Protocol.
mschap
Microsoft Challenge response Protocol.
ttls_mschapv2
Microsoft Challenge response Protocol version 2.
pap
Password Authentication Protocol.
any
Sets all inner Extensible Authentication Protocols.
options={[diversity],[short_preamble],[verify_cert]}
diversity
Enable reception on multiple antennas on devices with this capability.
short_preamble
Enable transmission of wireless frames using short preambles, if allowed by the access point.
verify_cert
Verify that certificates received from an authentication server or access point are signed by a trusted certificate authority (CA). Standard CAs are built in, and additional trusted certificates may be added.
username=string
Used when the security option is set to wep_auth, wpa_auth, or leap. This option specifies the user name to be used during authentication.
password=string
Used when the security option is set to wep_auth, wpa_auth, or leap. This option specifies the password to be used during authentication.
psk=string
Used when the security option is set to wpa_psk. This option specifies a string that is converted into a pre-shared key (PSK) that is used for encryption.
psk_hex=hex string
Used when the authentication option is set to wpa_auth. psk and psk_hex are alternate ways of setting the PSK. This option specifies the hexadecimal value of the pre-shared key (PSK) used for encryption. The key consists of 64 hexadecimal digit characters.
wepmode={64bit|128bit}
Specifies the key size used when WEP encryption is enabled. The default is 64bit.
wepindex=1-4
Specifies which of the 4 possible keys will be used. The default is 1.
wepkeyN=hex string
A hexadecimal string that serves as the key if WEP encryption is enabled. The key consists of 26, 10, or 0 (zero) hexadecimal digit characters. If wepmode=64bit, the wepkey is 10 digits. If wepmode=128bit, the wepkey is 26 digits. A wepkey value of 0 length clears any value that was previously set.
country=string
The country where the device will be used. By selecting a country, the channel settings are restricted to the legal set for that country. Allowed country names are:
United States, Australia, Austria, Belgium, Canada, China, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Japan, Liechtenstein, Luxembourg, Netherlands, Norway, Poland, Portugal, Singapore, Spain, Sweden, Switzerland, United Kingdom
Note Country names that include spaces should be enclosed in quotation marks; for example, “United States”.
maxtxrate={1|2|5.5|6|9|11|12|18|24|36|48|54} (Mbps)
The maximum transmission rate that the device uses, in megabits per second. The complete range of transmission rates is available on all devices except the ConnectPort X2 - XBee to Wi-Fi model. For that model, the allowed transmission rates are {1|2|5.5|11}.
txpower={6|8|10|12|14|16} (dBm)
The wireless transmit power, in decibels relative to one milliwatt (dBm).
Example
#> set wlan wepkey1=ab12cd34ef567ab12cd34ef567 wepindex=1
#> set wlan wepmode=128bit
#> set wlan ssid=”access point 1"
See also
- revert: The revert wlan option reverts the settings configured by this command.
- show: The show wlan command displays an evaluation of saved wireless settings, including ineffective settings and a list of valid combinations. It displays whether encryption methods are specified and in use or not used by authentication methods, and whether setup of certain options appear to be complete.
PDF
