Client infrastructure mode
Digi Embedded Yocto uses the NetworkManager software package to manage any kind of Wi-Fi configuration on a Wi-Fi network. When the Wi-Fi interface is brought up NetworkManager will read the /etc/NetworkManager/system-connections/nm-wlan0 configuration file and will apply the corresponding actions for the Wi-Fi interface. The NetworkManager configuration is kept in /etc/NetworkManager/NetworkManager.conf, and the interface configuration is kept at /etc/NetworkManager/system-connections.
By default Digi Embedded Yocto configures NetworkManager to use the Wi-Fi interface in client infrastructure mode without open authentication, no encryption and no SSID. In this mode NetworkManager will not connect to any access point (AP).
Digi Embedded Yocto provides a default nm-wlan0 file which is part of the networkmanager package. This file can be customized and overridden on a custom Yocto layer or during system run time.
Configuring the NetworkManager
The nmcli is a command line tool which allows the user to interact with NetworkManager. You can use the nmcli tool to establish a manual connection for different authentication and encryption configurations.
To show information on the command line tool parameters, call nmcli without a parameter. |
You can use nmcli's edit or modify sub-commands to do any configuration or else change the configuration file itself and then restart the interface to use the new setup. The following examples show different configurations of the Wi-Fi interface using either the configuration file or the command line interface.
Open authentication and no encryption
Via configuration file
[connection] ... [wifi] ssid=<AP_name> mac-address-blacklist= seen-bssids= [ipv4] dns-search= method=auto ...
Via command line interface
~# nmcli con edit wlan0 ===| nmcli interactive connection editor |=== Editing existing '802-11-wireless' connection: 'wlan0' Type 'help' or '?' for available commands. Type 'describe [<setting>.<prop>]' for detailed property description. You may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wi6 nmcli> set wifi.ssid <AP_name> nmcli> save nmcli> quit
In both cases, to load the new configuration file and tell NetworkManager to connect to that access point execute the following commands in the console.
~# nmcli con load /etc/NetworkManager/system-connections/nm.wlan0 ~# nmcli dev disconnect wlan0 ~# nmcli dev connect wlan0
The disconnect command might only be necessary if the Wi-Fi interface had previously been connected to a different AP.
WPA2-PSK authentication with AES-CCMP encryption
Via configuration file
[connection] ... [wifi] ssid=<AP_name> mac-address-blacklist= seen-bssids= [wifi-security] key-mgmt=wpa-psk group= pairwise= proto= psk=<AP_passphrase> ...
Via command line interface
~# nmcli con edit wlan0 ===| nmcli interactive connection editor |=== Editing existing '802-11-wireless' connection: 'wlan0' Type 'help' or '?' for available commands. Type 'describe [<setting>.<prop>]' for detailed property description. You may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wi6 nmcli> set wifi.ssid <AP_name> nmcli> set wifi-sec.key-mgmt wpa-psk nmcli> set wifi-sec.psk <AP_passphrase> nmcli> remove wifi-sec.group nmcli> remove wifi-sec.proto nmcli> remove wifi-sec.pairwise nmcli> save nmcli> quit
In both cases, to load the new configuration file and tell NetworkManager to connect to that access point execute the following commands in the console.
~# nmcli con load /etc/NetworkManager/system-connections/nm.wlan0 ~# nmcli dev disconnect wlan0 ~# nmcli dev connect wlan0
The disconnect command might only be necessary if the Wi-Fi interface had previously been connected to a different AP.
By keeping the proto and the pairwise parameters empty, NetworkManager is able to resolve the authentication and encryption combination used by the access point. This way, you can use the same configuration to connect to an access point with any of the following encryption combinations:
-
WPA-PSK authentication with TKIP encryption
-
WPA-PSK authentication with CCMP/AES encryption
-
WPA2-PSK authentication with TKIP encryption
Fast roaming (802.11r)
Roaming in the context of 802.11 Wi-Fi networks occurs when a client with an established association to an access point (AP) migrates the connection within the same Extended Service Set (ESS) to another AP within an area of overlapping coverage. The fast roaming (802.11r) standard introduces a fast transition mechanism which performs the handshake with the new access point before the roaming starts, allowing the client and AP to perform the Pairwise Transient Key (PTK) calculation in advance. This allows fast transitions without reauthentication, and reduces handshaking overheads while providing security and quality of service.
The Wi-Fi chip on the ConnectCore 6UL supports the fast roaming standard. To use it, you need a group of access points that support the 802.11r mechanisms for fast roaming. You also need to configure them as a mobility domain so they can exchange client station details and perform client pre-authentication prior to the roam.
Since the 802.11r protocol is not yet implemented in NetworkManager, you must use wpa_supplicant to manage connectivity with fast roaming networks. To do so, build images enabling 802.11r support for wpa_supplicant by uncommenting the following setting in the defconfig file:
--- a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
+++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
@@ -429,7 +429,7 @@ CONFIG_CTRL_IFACE_DBUS_NEW=y
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
-#CONFIG_IEEE80211R=y
+CONFIG_IEEE80211R=y
Once you have support for 802.11r in your images, boot your device and add the wireless interface to the unmanaged interfaces by NetworkManager.
[keyfile]
unmanaged-devices=interface-name:p2p*;interface-name:wlan*
[...]
Configure the wireless interface in the ifupdown service to enable it automatically on boot:
auto lo
iface lo inet loopback
auto wlan0
iface wlan0 inet dhcp
wpa-driver nl80211
wpa-conf /etc/wpa_supplicant.conf
[...]
To connect with a fast roaming network, you must specify the FT-PSK
network setting in the /etc/wpa_supplicant.conf file:
[...]
network={
scan_ssid=1
ssid="myFastRoamingSSID"
# Fast BSS Transition (IEEE 802.11r) with pre-shared key
key_mgmt=FT-PSK
psk="password"
}
After these configuration steps, you can manage your wireless interface with the wpa_cli daemon and verify the connectivity status:
~# wpa_cli status Selected interface 'wlan0' bssid=xx:xx:xx:xx:xx:xx freq=5180 ssid=myFastRoamingSSID id=0 mode=station pairwise_cipher=CCMP group_cipher=CCMP key_mgmt=FT-PSK wpa_state=COMPLETED [...] ~#
You can customize the transition between the different access points that compound the Wi-Fi infrastructure by tweaking the transition threshold values. These threshold values are saved in the configuration file /lib/firmware/wlan/qcom_cfg.ini:
-
gNeighborLookupThreshold: When the signal of the current Wi-Fi connection is weaker than this dBm value, the Wi-Fi chip performs a background scan to see if there are access points with a better signal.
-
gNeighborReassocThreshold: When the signal of the current Wi-Fi connection is weaker than this dBm value and there is another access point with a better signal, the Wi-Fi chip connects to that alternate access point.
The dBm values in the config files are represented without sign. |
gNeighborLookupThreshold=66
gNeighborReassocThreshold=71