Diffstat (limited to 'usr.sbin/ancontrol/ancontrol.8')
-rw-r--r-- | usr.sbin/ancontrol/ancontrol.8 | 143 |
1 files changed, 101 insertions, 42 deletions
diff --git a/usr.sbin/ancontrol/ancontrol.8 b/usr.sbin/ancontrol/ancontrol.8 index a5d6799..00ad199 100644 --- a/usr.sbin/ancontrol/ancontrol.8 +++ b/usr.sbin/ancontrol/ancontrol.8 @@ -37,65 +37,65 @@ .Nm ancontrol .Nd configure Aironet 4500/4800 devices .Sh SYNOPSIS -.Nm +.Nm ancontrol .Fl i Ar iface Fl A -.Nm +.Nm ancontrol .Fl i Ar iface Fl N -.Nm +.Nm ancontrol .Fl i Ar iface Fl S -.Nm +.Nm ancontrol .Fl i Ar iface Fl I -.Nm +.Nm ancontrol .Fl i Ar iface Fl T -.Nm +.Nm ancontrol .Fl i Ar iface Fl C -.Nm +.Nm ancontrol .Fl i Ar iface Fl t Ar 0|1|2|3|4 -.Nm +.Nm ancontrol .Fl i Ar iface Fl s Ar 0|1|2|3 -.Nm +.Nm ancontrol .Fl i Ar iface .Op Fl v Ar 1|2|3|4 .Fl a Ar AP -.Nm +.Nm ancontrol .Fl i Ar iface Fl b Ar beacon period -.Nm +.Nm ancontrol .Fl i Ar iface -.Op v Ar 0|1 +.Op Fl v Ar 0|1 .Fl d Ar 0|1|2|3 -.Nm -.Fl i Ar iface Fl e Ar 0|1 -.Nm +.Nm ancontrol +.Fl i Ar iface Fl e Ar 0|1|2|4 +.Nm ancontrol .Fl i Ar iface -.Op Fl v Ar 0|1 +.Op Fl v Ar 0|1|2|3|4|5|6|7 .Fl k Ar key -.Nm +.Nm ancontrol .Fl i Ar iface .Fl K Ar mode -.Nm +.Nm ancontrol .Fl i Ar iface .Fl W Ar mode -.Nm +.Nm ancontrol .Fl i Ar iface Fl j Ar netjoin timeout -.Nm +.Nm ancontrol .Fl i Ar iface Fl l Ar station name -.Nm +.Nm ancontrol .Fl i Ar iface Fl m Ar mac address -.Nm +.Nm ancontrol .Fl i Ar iface .Op Fl v Ar 1|2|3 .Fl n Ar SSID -.Nm +.Nm ancontrol .Fl i Ar iface Fl o Ar 0|1 -.Nm +.Nm ancontrol .Fl i Ar iface Fl p Ar tx power -.Nm +.Nm ancontrol .Fl i Ar iface Fl c Ar channel number -.Nm +.Nm ancontrol .Fl i Ar iface Fl f Ar fragmentation threshold -.Nm +.Nm ancontrol .Fl i Ar iface Fl r Ar RTS threshold -.Nm +.Nm ancontrol .Fl h .Sh DESCRIPTION The 
@@ -106,7 +106,7 @@ devices via the driver. Most of the parameters that can be changed relate to the IEEE 802.11 protocol which the Aironet cards implement. -This includes +This includes such things as the station name, whether the station is operating in ad-hoc (point to point) or infrastructure mode, and the network name of a service set to join. @@ -122,11 +122,19 @@ argument given to should be the logical interface name associated with the Aironet device (an0, an1, etc...). If one isn't specified the device an0 will be assumed. +.Pp +The +.Nm +command is not designed to support the combination of arguments from different +.Sy SYNOPSIS +lines in a single +.Nm +invocation, and such combinations are not recommended. .Sh OPTIONS The options are as follows: .Bl -tag -width Fl .It Fl i Ar iface Fl A -Display the prefered access point list. +Display the preferred access point list. The AP list can be used by stations to specify the MAC address of access points with which it wishes to associate. @@ -199,7 +207,11 @@ Valid selections are as follows: .Pp Note that for IBSS (ad-hoc) mode, only PSP mode is supported, and only if the ATIM window is non-zero. -.It Fl i Ar iface "[-v 1|2|3|4]" Fl a Ar AP +.It Xo +.Fl i Ar iface [ +.Fl v Ar 1|2|3|4 ] +.Fl a Ar AP +.Xc Set prefered access point. The .Ar AP @@ -220,7 +232,11 @@ Set the ad-hoc mode beacon period. The becon period is specified in milliseconds. The default is 100ms. -.It Fl i Ar iface "-v 0|1" Fl d Ar 0|1|2|3 +.It Xo +.Fl i Ar iface [ +.Fl v Ar 0|1 ] +.Fl d Ar 0|1|2|3 +.Xc Select the antenna diversity. Aironet devices can be configured with up to two antennas, and transmit and receive diversity can be configured 
@@ -245,16 +261,30 @@ option: selection sets the receive diversity and .Ar 1 sets the transmit diversity. -.It Fl i Ar iface "[ -v 0|1 ]" Fl k Ar key -Set the WEP key. For 40 bit prefix 10 hex character with 0x. -For 128 bit prefix 26 hex character with 0x. -Supports 4 keys, use even numbers are permanet and odd number -are temporary keys for example "-v 1" sets the first temporary key. -.It Fl i Ar iface Fl K Ar 0|1|2|4 +.It Fl i Ar iface Fl e Ar 0|1|2|3 +Set the transmit WEP key to use. +Note that until this command is issued, the device will use the +last key programmed. The transmit key is stored in NVRAM. Currently +set transmit key can be checked via "-C" option. +.It Xo +.Fl i Ar iface [ +.Fl v Ar 0|1|2|3|4|5|6|7 ] +.Fl k Ar key +.Xc +Set a WEP key. For 40 bit prefix 10 hex character with 0x. +For 128 bit prefix 26 hex character with 0x. Use "" as the key +to erase the key. Supports 4 keys; even numbers are for permanent keys +and odd number are for temporary keys. +For example, "-v 1" sets the first temporary key. +(A "permanent" key is stored in NVRAM; a "temporary" key is not.) +Note that the device will use the most recently-programmed key by default. +Currently set keys can be checked via "-C" option, only the sizes of the +keys are returned. +.It Fl i Ar iface Fl K Ar 0|1|2 Set authorization type. Use 0 for none, 1 for "Open", -2 for "Shared Key", 4 for "Exclude unencrypted". -.It Fl i Ar iface Fl W Ar 0|1 -Enable WEP. Use 1 to enable, 0 for disable. +2 for "Shared Key". +.It Fl i Ar iface Fl W Ar 0|1|2 +Enable WEP. Use 0 for no WEP, 1 to enable full WEP, 2 for mixed cell. .It Fl i Ar iface Fl j Ar netjoin timeout Set the ad-hoc network join timeout. When a station is first activated 
@@ -282,7 +312,11 @@ is specified as a series of six hexadecimal values separated by colons, e.g.: 00:60:1d:12:34:56. This programs the new address into the card and updates the interface as well. -.It Fl i Ar iface "[-v 1|2|3]" Fl n Ar SSID +.It Xo +.Fl i Ar iface [ +.Fl v Ar 1|2|3 ] +.Fl n Ar SSID +.Xc Set the desired SSID (network name). There are three SSIDs which allows the NIC to work with access points at several locations without needing to be reconfigured. @@ -373,6 +407,31 @@ The default is 2312. .It Fl h Prints a list of available options and sample usage. .El +.Sh SECURITY NOTES +WEP ("wired equivalent privacy") is based on the RC4 algorithm, +using a 24 bit initialization vector. +.Pp +RC4 is supposedly vunerable to certain known plaintext attacks, +especially with 40 bit keys. +So the security of WEP in part depends on how much known plaintext +is transmitted. +.Pp +Because of this, although counter-intuitive, using "shared key" +authentication (which involves sending known plaintext) is less +secure than using "open" authentication when WEP is enabled. +.Pp +Devices may alternate among all of the configured WEP keys when +tranmitting packets. +Therefore, all configured keys (up to four) must agree. +.Sh EXAMPLES +.Pp +.Dl ancontrol -i an0 -v 0 -k 0x12345678901234567890123456 +.Dl ancontrol -i an0 -K 2 +.Dl ancontrol -i an0 -W 1 +.Dl ancontrol -i an0 -e 0 +.Pp +Sets a WEP key 0, enables "Shared Key" authentication, enables full WEP +and uses transmit key 0. .Sh SEE ALSO .Xr an 4 , .Xr ifconfig 8 |
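Review bot: In the SYNOPSIS hunk (@@ -37,65) the new `-e` line reads `.Fl i Ar iface Fl e Ar 0|1|2|4`, but the OPTIONS entry added in the @@ -245,16 hunk documents the same flag as `Fl e Ar 0|1|2|3`. The two must agree. The description says the device supports 4 keys and the example uses `-e 0`, so `0|1|2|3` looks like the intended range and the synopsis should be corrected to match. The `-K` and `-W` synopsis lines still say `Ar mode` while OPTIONS lists `0|1|2` for each; spelling the values out there would be consistent with the other lines.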
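Review bot: The new `.It Xo` blocks in the @@ -199,7, @@ -220,7, @@ -245,16 and @@ -282,7 hunks mark the optional `-v` argument with literal brackets (`.Fl i Ar iface [` / `.Fl v Ar 1|2|3|4 ]`), while the SYNOPSIS in this same patch uses `.Op Fl v Ar ...`. Use `.Op Fl v Ar 1|2|3|4` inside the `Xo`/`Xc` pair so the OPTIONS headings render the same way as the synopsis. While touching these entries, the context lines "Set prefered access point." and "The becon period is specified in milliseconds." still carry the misspellings that the @@ -122,11 hunk fixed for the `-A` entry.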
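Review bot: The `-k` text in the @@ -245,16 hunk accepts `-v 0|1|2|3|4|5|6|7` and says "Supports 4 keys; even numbers are for permanent keys and odd number are for temporary keys", but never states which `-v` value corresponds to which of the key slots that `-e 0|1|2|3` selects. Add the mapping explicitly, since an operator who programs a key with one index and selects a transmit key with another cannot tell whether they refer to the same slot. The same hunk drops value 4 ("Exclude unencrypted") from `-K` and adds value 2 ("mixed cell") to `-W` without saying whether the old `-K 4` behaviour moved or was removed; one sentence on that would help anyone carrying over an existing configuration. Minor wording: "odd number are" should be "odd numbers are", and "Currently set keys can be checked via "-C" option, only the sizes of the keys are returned" reads better as two sentences.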
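Review bot: The EXAMPLES block added in the @@ -373,6 hunk runs `ancontrol -i an0 -K 2` ("Shared Key"), directly after the new SECURITY NOTES section states that shared key authentication "is less secure than using "open" authentication when WEP is enabled". The example should follow the page's own advice and use `-K 1`, or the text should say why shared key is shown. In SECURITY NOTES, "vunerable" and "tranmitting" are misspelled, and "RC4 is supposedly vunerable" is too vague for a security section: state the weakness plainly or cite the source. "Therefore, all configured keys (up to four) must agree" does not say what they must agree with (presumably the keys configured on the other stations); please spell that out. The `.Pp` immediately after `.Sh EXAMPLES` is redundant and can be dropped.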