COMPANY CONFIDENTIAL
67
3.2 Security
The AP will support various security modes including WEP, WPA, WPA2, and WPA Enterprise modes. WPA/WPA2
modes will support both AES and TKIP encryption methods.
3.2.1 WEP Configuration
To configure an AP or Station for WEP operations, one will edit the WEP.conf file in /etc/ath/ and set the key values as
required. This is a simple script file that gets the AP name passed as an argument. Both AP and Client side can be
configured for WEP mode. Note that use of WEP will limit the link to legacy rates – WEP is not supported for HT rates.
Also, WEP MUST be on the first VAP (aht0) to be effective. This is due to a key cache limitation on the OWL
hardware. Therefore, a warning will be issued if WEP is configured for any other VAP than ath0.
Example: Setting up an AP VAP for WEP
This will create a VAP on channel 6 with an SSID of Atheros_XSpan, using WEP security mode with the default
values in the WEP.conf file
# export AP_SECMODE=WEP
# export AP_SECFILE=WEP.conf
# apup
3.2.2 WPA
The WPA configurations apply to both Client and AP sides. WPA can be configured for either pre shared key (PSK)
mode, or for Enterprise (EAP) mode. Pre shared key indicates that the key information is kept in both the AP and the
client side. For Enterprise WPA, a Radius server or other remote authentication server is required for the AP to
communicate with the authentication server the connection.
3.2.2.1 Enabling WPA Preauthorization (AP only)
This feature is controlled by the .conf file for hostapd. This file has two parameters that must be set, rsn_preauth and
rsn_preauth_interface. The first enables the feature, and the second indicates the specific interfaces where preauth
frames will be received from other routers. Ensure this is configured in the file prior to starting the
apup
script.
rsn_preauth=1
rsn_preauth_interfaces=br0
