We continue building our Linux Layer 3 switch with another tutorial, which explains the installation and configuration of a secure Wireless Access Point (AP) for wireless LAN users. The AP will be configured to use the secure WPA2 protocol for client authentication with a pre-shared key (PSK). Traffic between the AP and clients will be encrypted using modern AES encryption. The introductory tutorial that describes the concept of the Linux L3 switch/router and its hardware and software requirements is here.
1. Install pciutils
[root@swouter-x86 ~]# yum install pciutils
2. Get information about Wireless Ethernet card
[root@swouter-x86 ~]# lspci -vnn
<Output is truncated>
00:11.0 Network controller [0280]: Broadcom Corporation BCM4318 [AirForce One 54g] 802.11g Wireless LAN Controller [14e4:4318] (rev 02)
Subsystem: ASUSTeK Computer Inc. WL-138G v2 / WL-138gE / WL-100gE [1043:100f]
Flags: bus master, fast devsel, latency 64, IRQ 5
Memory at dfffa000 (32-bit, non-prefetchable) [size=8K]
Kernel driver in use: b43-pci-bridge
Kernel modules: ssb
<Output is truncated>
We can see that the BCM4318 chipset is present and the kernel driver b43 is in use. Now compare the ID shown in square brackets, [14e4:4318], with the list of supported hardware chipsets.
We can see that the BCM4318 is supported and that b/g mode is available. Although the b43 driver supports AP mode (check the feature section), the site tells us:
BCM4318 chipset has this known issue: AP mode does not work because of packet loss in high transmission rates. We will test it later.
These are other outputs that can help with troubleshooting.
[root@swouter-x86 ~]# dmesg
<Output is truncated>
b43-phy0: Broadcom 4318 WLAN found (core revision 9)
b43-phy0 debug: Found PHY: Analog 3, Type 2, Revision 7
b43-phy0 debug: Found Radio: Manuf 0x17F, Version 0x2050, Revision 8
phy0: Selected rate control algorithm 'minstrel'
Registered led device: b43-phy0::tx
Registered led device: b43-phy0::rx
Registered led device: b43-phy0::assoc
Registered led device: b43-phy0::radio
Broadcom 43xx driver loaded [ Features: PMLS, Firmware-ID: FW13 ]
<Output is truncated>
[root@swouter-x86 ~]# lsmod | grep b43
b43 181773 0
mac80211 129050 1 b43
cfg80211 118045 2 b43,mac80211
ssb 47878 1 b43
mmc_core 61320 2 b43,ssb
3. Device firmware installation for chipset BCM4318
According to the link, the Broadcom wireless chip needs proprietary software (called "firmware") that runs on the wireless chip itself to work properly. This firmware is copyrighted by Broadcom and must be extracted from Broadcom's proprietary drivers. To get such firmware on our system, we must download the driver from a legal distribution point, extract it, and install it.
a/ Install the b43-fwcutter
If we want to use the newest Broadcom firmware 5.10.56.27.3, we must use b43-fwcutter version 014. The CentOS repository offers only b43-fwcutter version 012, which supports firmware only up to version 4.150.10.5. For this reason we need to compile and install b43-fwcutter from source.
http://wireless.kernel.org/en/users/Drivers/b43#other_distros
[root@swouter-x86 ~]# yum install wget make kernel-headers gcc
[root@swouter-x86 ~]# wget http://bu3sch.de/b43/fwcutter/b43-fwcutter-014.tar.bz2
[root@swouter-x86 ~]# tar xjf b43-fwcutter-014.tar.bz2
[root@swouter-x86 ~]# cd b43-fwcutter-014
[root@swouter-x86 ~]# make
[root@swouter-x86 ~]# make install
Check that b43-fwcutter is correctly installed:
[root@swouter-x86 b43-fwcutter-014]# /usr/local/bin/b43-fwcutter --help
b43-fwcutter version 014
b/ Extract firmware to /lib/firmware
[root@swouter-x86 ~]# export FIRMWARE_INSTALL_DIR="/lib/firmware"
[root@swouter-x86 ~]# wget http://mirror2.openwrt.org/sources/broadcom-wl-5.10.56.27.3_mipsel.tar.bz2
[root@swouter-x86 ~]# tar jxvf broadcom-wl-5.10.56.27.3_mipsel.tar.bz2
[root@swouter-x86 ~]# /usr/local/bin/b43-fwcutter -w "$FIRMWARE_INSTALL_DIR" broadcom-wl-5.10.56.27.3/driver/wl_apsta/wl_prebuilt.o
The firmware is installed in the /lib/firmware/b43 directory.
4. Install wireless-tools
[root@swouter-x86 ~]# yum install wireless-tools.i686
5. Testing
[root@swouter-x86 ~]# iwconfig wlan0 mode Master
Error for wireless request "Set Mode" (8B06) :
SET failed on device wlan0 ; Invalid argument.
At first glance, it seems that Master mode is not supported. According to this link, the b43 driver should allow us to create an AP. Thus we need to install the hostapd utility, which allows us to switch the wireless card to Master mode.
6. Hostapd Installation
a) Install the necessary packages for hostapd compilation and get the latest version of hostapd
[root@swouter-x86 hostapd]# yum install glibc libnl.i686 libnl-devel.i686 openssl-devel
[root@swouter-x86 ~]# wget http://w1.fi/releases/hostapd-0.7.3.tar.gz
[root@swouter-x86 ~]# tar zxvf hostapd-0.7.3.tar.gz
[root@swouter-x86 ~]# cd hostapd-0.7.3/hostapd/
b) Create configuration file and enable NL80211 support
[root@swouter-x86 hostapd]# cp defconfig .config
[root@swouter-x86 hostapd]# vi .config
Now find the line that contains following configuration:
#CONFIG_DRIVER_NL80211=y
Uncomment the line by removing the '#' sign. Repeat it for other settings that you may be interested in. The basic configuration, with only this line uncommented is enough to get hostapd up and running with WPA/WPA2 authentication and encryption.
c) Compile hostapd and save it to /usr/local/bin/ directory
[root@swouter-x86 hostapd]# make
[root@swouter-x86 hostapd]# cp ./hostapd /usr/local/bin/
d) Create configuration file for hostapd
[root@swouter-x86 ~]# vim /etc/hostapd.conf
interface=wlan0
driver=nl80211
ssid=Swouter-x86-wlan
channel=1
hw_mode=g
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_passphrase=your_password
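An added check for the configuration above (not part of the original tutorial or of hostapd): the shell function below audits a hostapd.conf for the WPA2-only, WPA-PSK and CCMP-only settings from step d), for a passphrase of valid length that is no longer the your_password placeholder, and for file permissions that keep the clear-text PSK away from other local users. The helper names conf_get and audit_hostapd_conf are hypothetical, and the check assumes a passphrase-based setup as in this tutorial.

```shell
#!/bin/sh
# Added example: audit a hostapd.conf against the WPA2-PSK/CCMP setup from step d).
# conf_get and audit_hostapd_conf are hypothetical helper names, not hostapd tools.

# Print the value of the last uncommented "key=value" line for key $2 in file $1.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Return 0 if the file passes every check, 1 if any check fails, 2 if unreadable.
audit_hostapd_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }

    # wpa is a bit field: 1 = WPA, 2 = WPA2 (RSN), 3 = both. Require WPA2 only.
    [ "$(conf_get "$conf" wpa)" = "2" ] || { echo "FAIL: wpa must be 2"; rc=1; }
    [ "$(conf_get "$conf" wpa_key_mgmt)" = "WPA-PSK" ] ||
        { echo "FAIL: wpa_key_mgmt must be WPA-PSK"; rc=1; }

    # AES-CCMP must be the only pairwise cipher; TKIP in either list fails.
    [ "$(conf_get "$conf" wpa_pairwise)" = "CCMP" ] ||
        { echo "FAIL: wpa_pairwise must be exactly CCMP"; rc=1; }
    case " $(conf_get "$conf" rsn_pairwise) " in
        *" TKIP "*) echo "FAIL: rsn_pairwise allows TKIP"; rc=1 ;;
    esac

    # A WPA passphrase is 8..63 characters; the tutorial placeholder must be replaced.
    pass=$(conf_get "$conf" wpa_passphrase)
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        echo "FAIL: wpa_passphrase must be 8..63 characters"; rc=1
    elif [ "$pass" = "your_password" ]; then
        echo "FAIL: wpa_passphrase is still the placeholder"; rc=1
    fi

    # The PSK is stored in clear text, so group/other must have no access.
    perms=$(ls -ldL "$conf" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL: $conf is accessible to group/other; use chmod 600"; rc=1; }

    return $rc
}
```

Run it as audit_hostapd_conf /etc/hostapd.conf after chmod 600 /etc/hostapd.conf; a non-zero return value means at least one finding was printed.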
e) Make init script for hostapd
We can use a script from this website:
#!/bin/sh
# start/stop the hostapd server
#
# chkconfig: 2345 99 10
# description: hostap daemon
# processname: hostapd
# config: /etc/hostapd.conf
# pidfile: /var/run/hostapd.pid
#
PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin
export PATH

# Source function library.
. /etc/rc.d/init.d/functions

stop()
{
    echo -n "Stopping hostapd daemon: "
    killproc hostapd
    echo
    rm -f /var/lock/subsys/hostapd
}

start()
{
    echo -n "Starting hostapd daemon: "
    daemon /usr/local/bin/hostapd /etc/hostapd.conf -P /var/run/hostapd.pid -B
    echo
    touch /var/lock/subsys/hostapd
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status hostapd
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo "Usage: hostapd {start|stop|status|restart}"
        exit 1
esac
exit 0
Create the /etc/init.d/hostapd file and copy the script into it. Give the file execute permission.
[root@swouter-x86 ~]# chmod +x /etc/init.d/hostapd
f) Configure an init script to be started after reboot for all runlevels
[root@swouter-x86 ~]# chkconfig --add hostapd
g) Testing
Output from a client connected to the AP. Notice the "Invalid misc" counter.
[brezular@COM-8510p ~]$ iwconfig wlan0
wlan0 IEEE 802.11abgn ESSID:"Swouter-x86-wlan"
Mode:Managed Frequency:2.432 GHz Access Point: 00:17:31:CE:6A:CF
Bit Rate=54 Mb/s Tx-Power=15 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Power Management:off
Link Quality=70/70 Signal level=-31 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:247 Missed beacon:0
According to http://linux.die.net/man/8/iwconfig, this counter means packets lost in relation with specific wireless operations. Even though the counter is slowly increasing, there is no noticeable packet loss that would prevent us from using this wireless card.
Here is the list of articles I used intensively while writing this tutorial.
http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware
http://wiki.centos.org/HowTos/Laptops/Wireless
http://wiki.centos.org/HowTos/Laptops/Wireless/Broadcom?action=show
http://forums.opensuse.org/english/get-technical-help-here/wireless/410165-creating-access-point-11-1-a.html
http://linuxwireless.org/en/users/Documentation/hostapd#Download_and_compile_hostapd
http://linuxwireless.org/en/users/Drivers
http://djlab.com/2010/02/basic-hostapd-init-script-for-redhatcentos-variants/
http://linux.die.net/man/8/iwconfig