Linux – How to use WPA2 client mode in the Linux-based Cisco WAP4410N access point

Tags: access-point, cisco, linux, wpa2

I have a Cisco WAP4410N access point that I want to use as a client to connect to a WPA2 wireless network (for WLAN service monitoring purposes).

Supposedly this access point supports a "Wireless Client/Repeater" mode that allows doing this. The Repeater function is optional (I have that box unchecked so that nobody can connect to this access point wirelessly). I have verified through SSH that the access point gets configured as a client and not as a Master. But it never associates to the SSID I ask it to. This is what iwconfig shows:

ath04     IEEE 802.11ng  ESSID:"myownssid"
          Mode:Managed  Channel:0  Access Point: Not-Associated
          Bit Rate:0 kb/s   Tx-Power:14 dBm   Sensitivity=1/3
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/94  Signal level=161/162  Noise level=161/161
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

Although I've never done this from the command line, I suppose I could use wpa_supplicant or wpa_client to associate it, but I don't know how to do that without editing configuration files, and the filesystem is read-only. Besides, I would have to run those commands manually after every reboot.

I'd like to know how to do this the Cisco way, if possible. If not, any trick to make this work would be useful.

Edit: This is with the latest firmware, 2.0.4.2. And I found that not all of the filesystem is read-only, since /var and /tmp are mounted with type ramfs.

Best Answer

OK, I think I got it. I ssh'd into the access point and I think it's a bug in Cisco's firmware.

After the "Wireless Client/Repeater" mode is selected an option is stored and the system is rebooted. Options can be read using the nvram command, and this particular option seems to be

wlan0_op_mode=UnversalClient

On every boot the system reads that option and generates a suitable configuration file for wpa_supplicant, storing it in /var/wpasupp.cfg (/var turned out to be mounted in RAM and writeable).

The SSID and passphrase stored in that file are correctly taken from the first SSID configured. BUT there's a bug in the code that generates the configuration file, since it includes a line that wpa_supplicant cannot parse.

This line reads:

ctrl_interface=/var/run/wpa_supplicant

Now this line seems OK considering how other versions of wpa_supplicant behave. But this particular version of wpa_supplicant included in Cisco's WAP4410N cannot parse it, and says so when run with the debugging option -d.

My conclusion is that it should've worked right from the start, but it didn't because of this bug.

To make it work, this file must be modified and wpa_supplicant must be run manually after each boot.
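
One way to script the workaround described in the answer above, as an added example that is not part of the original post or of Cisco's firmware: it writes a copy of the generated config without the ctrl_interface line, and keeps that copy owner-only because it holds the WPA2 passphrase. The output path, the interface argument and the sample config are assumptions; any driver option the firmware's wpa_supplicant build needs is not shown on the page.

```shell
#!/bin/sh
# Added example. /var/wpasupp.cfg and the ctrl_interface line come from the
# answer; function names, output path and sample config are assumptions.

CTRL_RE='^[[:space:]]*ctrl_interface[[:space:]]*='

# Copy a wpa_supplicant config, dropping only the ctrl_interface directive.
patch_wpa_cfg() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # Refuse to continue if the generated file has no network block at all.
    grep -q '^[[:space:]]*network[[:space:]]*=' "$src" || {
        echo "no network block in $src" >&2; return 2; }
    rm -f "$dst"
    # The file contains the passphrase: create the copy with mode 0600.
    ( umask 077; grep -v "$CTRL_RE" "$src" > "$dst" ) || return 3
    # Sanity check: the directive must be gone from the copy.
    ! grep -q "$CTRL_RE" "$dst"
}

# Start the supplicant on the patched copy. -d is the debug option the answer
# mentions; -i (interface) and -c (config file) are standard options.
start_client() {
    wpa_supplicant -d -i "$1" -c "$2"
}

# Constructed sample of what the generated file might look like (not a dump
# from the device); used to try patch_wpa_cfg away from the access point.
make_sample_cfg() {
    cat > "$1" <<'EOF'
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="myownssid"
    psk="constructed-passphrase"
}
EOF
}

# On the access point, after each boot (hypothetical output path):
#   patch_wpa_cfg /var/wpasupp.cfg /var/wpasupp.fixed.cfg &&
#       start_client <iface> /var/wpasupp.fixed.cfg
```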