WLAN Client Interface
The WLAN client interface allows an xPico 600 gateway to connect to a WLAN network comprising one or more Wi-Fi access points and optional backend authentication servers. You can configure and view the status of the wlan0 interface and view the link status.
To configure the WLAN Interface:
In Web Manager:
- Go to Network > wlan0 > Interface > Configuration.
In the CLI:
For XML:
WLAN Interface Configuration Settings
The following table describes the Web Manager WLAN Interface configuration settings.
Links to the equivalent settings for the CLI and XML reference are listed below.
CLI settings: See Config Interface level
XML settings: See configgroup Interface
| Network wlan0 Interface Settings | Description |
|---|---|
| State | Enable or disable the WLAN interface. |
| Hostname | Hostname may contain up to 63 characters. |
| Priority | Priority provides a way to determine the primary Uplink interface when both Ethernet and Wi-Fi client are enabled and operating in uplink mode. |
| MSS | Maximum Segment Size quantity in bytes. The MSS quantity applies to TCP connections on the Interface. This can be useful to avoid fragmentation over the network, which may be required because this device does not perform reassembly. |
| DHCP Client | Enable or disable the DHCP Client. |
| DHCP Client Lease duration | Has units of minutes, hours, and/or days. The negotiated Lease duration may be less than this suggested duration depending on the DHCP server policy. |
| Retry Timeout | Has units of seconds and/or minutes; if left blank, the value is "<Adaptive>". The DHCP Client will retry Discover packets at the fixed interval given by the Retry Timeout unless set for <Adaptive>. |
| IP Address | IP Address. If DHCP is disabled, enter the static IP address to use for the interface. You may enter it alone (e.g., 192.168.1.1), in CIDR format (e.g., 192.168.1.1/24), or with an explicit mask (e.g., 192.168.1.1 255.255.255.0). |
| Domain | May contain up to 128 characters. Note: A fully qualified domain name must end with a period, for example "lantronix.com."; a partial Domain will not have a trailing "." and is not fully qualified. If DHCP Client is "Enabled", it concatenates the Hostname with Domain and requests the DHCP server to update the DNS A and PTR RRs. This setting is not applicable to ap0. |
| Default Gateway | Default Gateway IP address. |
| DNS | This setting allows configuration of the DNS server address when the network address is obtained dynamically. Works on any interface where DHCP is configurable. Set to Static to specify DNS server IP address, or set to DHCP to let DHCP server determine DNS server address. |
| Primary DNS | Primary DNS IP address. |
| Secondary DNS | Secondary DNS IP address. |
Scanning for Networks
The WLAN client uses active and passive scanning for available Wi-Fi access points. Active scanning means that the client sends a probe request and waits for a probe response from an access point. On channels where active scanning is not allowed, the client uses passive scanning by listening to the beacons from the various access points without issuing active probe requests.
To scan for available networks:
In the Web Manager, use QuickConnect to scan for available networks or to find a specific network by SSID.
In the CLI, see WLAN scan.
Note
All network settings require a reboot to take effect.
Enterprise Wi-Fi Security
The xPico 600 gateway supports WPA2/WPA3-Enterprise and WPA2/WPA3-Personal security suites. The xPico 600 includes support for 802.1x, 802.11i and EAP authentication methods, along with PKI support and X.509 certificate management.
EAP methods provide mutual authentication algorithms to validate the wireless client with the backend authentication server and to exchange the keys needed to access the wireless network. EAP methods supported in xPico include EAP-TLS, EAP-TTLS, and EAP-PEAP.
WPA2 and WPA3
Wi-Fi Protected Access 2 (WPA2) and Wi-Fi Protected Access 3 (WPA3) are security standards specified by the Wi-Fi Alliance and are derivatives of the IEEE 802.11i specification. These standards were developed to address the vulnerabilities found in WEP.
The xPico 600 is compliant with WPA2, WPA3 Transitional, and IEEE 802.11i.
WPA2/WPA3 with EAP-TLS, EAP-TTLS, or EAP-PEAP require the use of a certificate. You'll need to first create a TLS credential. See Data Communication Security (TLS) for more details.
To set up the WLAN profile to use TLS, configure the WLAN profile to EAP-TLS or EAP-TTLS and associate the TLS credential name. You'll also need a certificate for PEAP with EAP-TLS as the inner-authentication.
WLAN Network Profiles
A WLAN profile defines all of the settings necessary to establish a wireless connection with an access point (in infrastructure mode).
A maximum of four profiles can exist on the xPico 600 gateway at a time and only one profile may be connected to the WLAN network at any given time.
Creating and Configuring a WLAN Profile
To create a new WLAN profile:
- Create a profile name and save it.
- Configure the WLAN profile connection settings.
For information on the WLAN profile connection settings, see the following sections:
In Web Manager, go to WLAN Profiles.
For CLI, see Config WLAN Profile level.
For XML, see configgroup WLAN profile.
WLAN Profile Configuration Settings
The following table describes the Web Manager WLAN Profile configuration settings.
Links to the equivalent settings for the CLI and XML reference are listed below.
CLI settings: See Config WLAN Profile Level
XML settings: See configgroup WLAN Profile
| Settings | Description |
|---|---|
| Network Name (SSID) | Name of the wireless network (SSID). |
| State | Enable or disable the profile. Enabled by default. |
| Suite | Security suite to be used for this profile. Choices: None - no authentication or encryption method will be used; WPA2 - robust secure network; WPA3 - enhanced network security. |
| WPAx Authentication | Authentication type. The choices are PSK or 8021X. |
| WPAx IEEE 80211r | Enable to use 802.11r on this access point. If this is enabled but the access point does not support 802.11r, the connection will fail. |
| WPAx Roam over DS | Enable to exchange the first pair of frames in the roaming transition over the distribution system (network). Disable to exchange all handshake frames over the air, bypassing the currently connected access point. The access point will need to support the mode selected here. |
| WPAx Passphrase | Password consisting of up to 63 characters. Lantronix recommends using a passphrase of 20 characters or more for maximum security. Spaces and punctuation characters are permitted. The passphrase input is not the same as ASCII input (as used on some products). ASCII is translated directly into hexadecimal bytes according to the ASCII table, while a possibly larger passphrase is hashed into a key and provides better security through a larger range of key values. This configuration option becomes available only when Suite is WPA2 and WPAx Authentication is PSK. |
| WPAx SAE Password | Password consisting of up to 63 characters. Lantronix recommends using a passphrase of 20 characters or more for maximum security. Spaces and punctuation characters are permitted. The passphrase input is not the same as ASCII input (as used on some products). ASCII is translated directly into hexadecimal bytes according to the ASCII table, while a possibly larger passphrase is hashed into a key and provides better security through a larger range of key values. This configuration option becomes available only when Suite is WPA3 and WPAx Authentication is PSK. |
| WPAx IEEE 8021X | The 8021X protocol. Choices are EAP-TLS, EAP-TTLS, and PEAP. This configuration option becomes available only when WPAx Authentication is set to 8021X. |
| WPAx Username | Username for security login. This configuration option becomes available when WPAx Authentication is set to 8021X. |
| WPAx Password | Password for security login. This configuration option becomes available when WPAx IEEE 8021X is set to EAP-TLS, EAP-TTLS, or PEAP. |
| WPAx Credentials | The TLS credential to authenticate. This configuration option becomes available when WPAx IEEE 8021X is set to EAP-TLS or EAP-TTLS. |
| WPAx PEAP ver | PEAP version to use from the drop-down menu. Choices are 0 or 1. This configuration option becomes available when WPAx IEEE 8021X is set to PEAP. |
| WPAx PEAP Option | PEAP option to use from the drop-down menu. Choices are EAP-MSCHAPV2, EAP-TLS, or GTC. This configuration option becomes available when WPAx IEEE 8021X is set to PEAP. |
| WPAx PEAP Credentials | The TLS credential to authenticate. This configuration option becomes available when WPAx IEEE 8021X is set to PEAP. |
| Power Management | Radio power management reduces the overall power consumption of the xPico 600 module, but can increase latency. Choices: Enabled - Allows the module to turn off the receiver when it is idling. Disabled - Keeps the receiver on at all times. |
| PM Interval | Number of beacons (100 msec interval) between 1 and 5. The above-mentioned latency can be up to this number times 100 msec. This field is available for configuration when power management is enabled. |
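The difference between ASCII input and passphrase input described for WPAx Passphrase, as an added example (not Lantronix code): it uses the standard IEEE 802.11i WPA2 passphrase mapping, PBKDF2-HMAC-SHA1 salted with the SSID, and assumes the gateway follows it. The function names and the second SSID are constructed for illustration, and the 8-character minimum comes from the standard, not from this page.

```python
import hashlib

def passphrase_findings(passphrase: str) -> list:
    """Check a WPA2 passphrase against the standard's limits and the
    20-character recommendation in the settings table."""
    findings = []
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("contains characters outside printable ASCII")
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside 8..63 characters")
    elif len(passphrase) < 20:
        findings.append("shorter than the recommended 20 characters")
    return findings

def ascii_key(text: str) -> bytes:
    """'ASCII input': every character becomes one key byte, unchanged."""
    return text.encode("ascii")

def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """'Passphrase input': IEEE 802.11i mapping to a 256-bit key,
    PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations."""
    blocking = [f for f in passphrase_findings(passphrase)
                if "recommended" not in f]
    if blocking:
        raise ValueError("; ".join(blocking))
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

if __name__ == "__main__":
    # Constructed sample values; "password"/"IEEE" is the well-known
    # 802.11i test vector, the second SSID is made up.
    for ssid in ("IEEE", "plant-floor"):
        print(ssid, wpa2_psk("password", ssid).hex())
    print("ascii", ascii_key("password").hex())
    print(passphrase_findings("password"))
```

WPA3 SAE passwords are not mapped this way; SAE derives its keys through its own password-authenticated key exchange.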
Connecting to WLAN Networks
There are a number of ways to connect to a Wi-Fi access point:
- Use QuickConnect using the Web Manager to scan for and connect to a Wi-Fi access point. Provide the security passphrase.
- Create and configure a WLAN profile. The gateway will attempt to connect to the configured WLAN profiles automatically on reboot. Provide the SSID and security passphrase.
For information on the supported security suites, see Enterprise Wi-Fi Security.
Radio
The wlan0 and softap0 interfaces use the same radio and antennas. The xPico 600 gateway can operate in concurrent AP and client mode. When the wlan0 interface has not associated with the Wi-Fi network, the ap0 interface will operate on the channel it is configured for.
Once the Wi-Fi Client interface connects, the ap0 interface switches its operation to the channel that the wlan0 interface is using.
To configure the radio and antenna settings, as well as roaming settings:
In Web Manager, go to Radio > Configuration.
In CLI, see Config Radio level.
In XML, see configgroup radio.
Radio Configuration Settings
The following table describes the Web Manager Radio configuration settings.
Links to the equivalent settings for the CLI and XML reference are listed below.
CLI settings: See Config Radio Level
XML settings: See configgroup Radio
| Radio Settings | Description |
|---|---|
| Mode | Radio mode. Choices are: Enabled - allows the Radio to operate. Disabled - holds the Radio in low power. Triggered - waits for CPM Role Radio Trigger to become active; the Radio then stays up indefinitely. Initial Delay - waits a random time after power on or reset before the Radio operates; the user configures a minimum and maximum delay time. NOTE: If Radio is disabled or not yet triggered, this inhibits both ap0 and wlan0 from operating. |
| Antenna Selection | Antenna. Choices are: Auto - allows the Radio to select the best antenna at any time. 1 - forces the Radio to use only antenna 1. 2 - forces the Radio to use only antenna 2. |
| Keep Alive | Enabled or Disabled. Enabling this setting causes the WLAN client to send a null-function data frame once per second to keep the link up. |
| Max Volley Delay | Max Volley Delay in either seconds or minutes (e.g., “40 seconds” or “1 minute”). While wlan0 is disconnected, it scans in turn for each WLAN profile. One scan per profile comprises a volley. The intervolley delay is doubled after each failure to join, subject to the Max Volley Delay. A short delay will compromise ap0 performance, because ap0 cannot communicate while the radio is scanning. |
| Log | Enabled or Disabled. Enabling this setting causes radio log messages to be written to the Trouble Log. This facilitates troubleshooting but may compromise performance. |
| Event Log | Enabled or Disabled. Enabling this setting causes radio events to be interpreted and written to the Trouble Log for diagnostic purposes. |
| State | Enable or disable Roaming. |
| RSSI Floor | When scanning, any signal below the RSSI Floor is omitted. The default of -100 dBm is recommended. |
Wi-Fi Roaming
The xPico 600 device offers the ability to roam between multiple access points within the Extended Service Set Identification (ESSID) with the same network name.
The gateway software continuously tracks the signal strength of nearby access points and prevents any disruption in the wireless connection by proactively managing a smooth, automatic transition to the access point with the strongest signal. This provides enhanced mobility within a building or warehouse and ensures uninterrupted connectivity to the wireless network without degrading the application performance.
Based on the desired application performance with respect to latency and throughput, the xPico 600 provides multiple knobs to tune the roaming configuration.
In Web Manager, to enable, disable or configure the roaming settings, go to Radio > Configuration.
Configuration changes to Radio settings require a reboot to take effect.
For CLI, see Config Radio Level.
For XML, see configgroup Radio.
WLAN Power Management
For battery-powered devices, you may want to reduce the power consumption by enabling the radio standby mechanism. The xPico 600 gateway supports the 802.11 power save mode implemented in the radio.
Enabling the WLAN power management feature instructs the radio to stand by for a certain period, and then wake and listen to AP beacons. The standby period is defined by the PM Interval setting, which is the number of beacons that the wireless station will stand by for before waking.
To enable and configure WLAN power management:
In Web Manager, go to WLAN Profiles. Select the profile that you want to edit and find the "Power Management" and "PM Interval" settings under Advanced.
In CLI, see Config WLAN Profile Advanced Level.
In XML, see configgroup WLAN Profile.