wifi: Add doc for enterprise mode #21222
Open
+189
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
amar-nordic
commented
Mar 28, 2025
amar-nordic
commented
amar-nordic
requested review from
bama-nordic,
krish2718,
rado17,
sachinthegreen,
prsi98 and
krga2022
|
|
github-actions
bot
added
doc-required
CI InformationTo view the history of this post, clich the 'edited' button above Inputs:Sources:sdk-nrf: PR head: 6fb833d5ead65fbc363df2383eaf18fbc3467abc more detailssdk-nrf:
Github labels
List of changed files detected by CI (2)Outputs:ToolchainVersion: Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped;
|
amar-nordic
force-pushed
the
enterprise_mode_doc
branch
8 times, most recently
from
44020f8 to
25979ff
Compare
krish2718
changed the title
amar-nordic
force-pushed
the
enterprise_mode_doc
branch
from
25979ff to
ce8fa45
Compare
richabp
requested changes
Mar 31, 2025
There was a problem hiding this comment.
The file needs to be added in the toctree- https://github.com/nrfconnect/sdk-nrf/blob/main/doc/nrf/protocols/wifi/station_mode/index.rst.
In addition, entry in the Changelog is required.
| :local: | ||
| :depth: 2 | ||
|
|
||
| Enterprise mode for Wi-Fi® is typically used in business environments or larger networks which require enhanced security, centralized management of users by utilizing Public Key Infrastructure (PKI). |
There was a problem hiding this comment.
Suggested change
| Enterprise mode for Wi-Fi® is typically used in business environments or larger networks which require enhanced security, centralized management of users by utilizing Public Key Infrastructure (PKI). | |
| Enterprise mode for Wi-Fi® is used in business environments or larger networks, which require enhanced security and centralized management of users by utilizing Public Key Infrastructure (PKI). |
|
|
||
| Prerequisites | ||
| ============= | ||
|
|
There was a problem hiding this comment.
Suggested change
| To use this mode, ensure that the following prerequisites are met: |
| Prerequisites | ||
| ============= | ||
|
|
||
| * **RADIUS Server**: Along with self-signed local certificate(s) and private key for both Server-Side and Client-Side (for EAP-TLS) |
There was a problem hiding this comment.
Suggested change
| * **RADIUS Server**: Along with self-signed local certificate(s) and private key for both Server-Side and Client-Side (for EAP-TLS) | |
| * RADIUS Server in addition to self-signed local certificate(s) and private key for both server side and client side (for EAP-TLS). |
| ============= | ||
|
|
||
| * **RADIUS Server**: Along with self-signed local certificate(s) and private key for both Server-Side and Client-Side (for EAP-TLS) | ||
| * **Wi-Fi® Access Point**: Which supports Enterprise Mode. |
There was a problem hiding this comment.
Suggested change
| * **Wi-Fi® Access Point**: Which supports Enterprise Mode. | |
| * Wi-Fi® Access Point (AP) that supports Enterprise mode. |
|
|
||
| * **RADIUS Server**: Along with self-signed local certificate(s) and private key for both Server-Side and Client-Side (for EAP-TLS) | ||
| * **Wi-Fi® Access Point**: Which supports Enterprise Mode. | ||
| * **nRF70 Series device** : With certificates for Enterprise Mode available at zephyr/samples/net/wifi/test_certs. |
There was a problem hiding this comment.
Suggested change
| * **nRF70 Series device** : With certificates for Enterprise Mode available at zephyr/samples/net/wifi/test_certs. | |
| * nRF70 Series device with certificates for Enterprise mode available at :file:`zephyr/samples/net/wifi/test_certs` folder. |
Comment on lines
135
to
145
| Configure an Access Point with Authentication method as WPA2-Enterprise | ||
|
|
||
| Server IP Address - IP of the RADIUS (Hostapd) Server | ||
|
|
||
| Server Port - 1812 | ||
|
|
||
| Connection Secret - whatever | ||
|
|
||
| PMF - Capable | ||
|
|
||
| Apply the Configurations |
There was a problem hiding this comment.
Please check if the edits are correct. Suggesting to write the full term for PMF.
Suggested change
| Configure an Access Point with Authentication method as WPA2-Enterprise | |
| Server IP Address - IP of the RADIUS (Hostapd) Server | |
| Server Port - 1812 | |
| Connection Secret - whatever | |
| PMF - Capable | |
| Apply the Configurations | |
| Configure an access point with WPA2-Enterprise authentication method using the following parameters: | |
| * Server IP address - IP address of the RADIUS (hostapd) server | |
| * Server port - 1812 | |
| * Connection secret - whatever | |
| * PMF - Capable |
Comment on lines
147
to
148
| Build the nRF70 series DK for shell sample with Enterprise Mode | ||
| ================================================================= |
There was a problem hiding this comment.
Suggested change
| Build the nRF70 series DK for shell sample with Enterprise Mode | |
| ================================================================= | |
| Build the nRF70 Series DK for shell sample with Enterprise mode | |
| ================================================================= |
Comment on lines
150
to
160
| Verify that the Client-Side Certificates required for EAP-TLS are available | ||
|
|
||
| .. code-block:: bash | ||
|
|
||
| ls -l zephyr/samples/net/wifi/test_certs | ||
|
|
||
| cd nrf/samples/wifi/shell | ||
|
|
||
| west build -p -b nrf7002dk/nrf5340/cpuapp -- -DEXTRA_CONF_FILE=overlay-enterprise.conf -DCONFIG_WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_DBG=y -DCONFIG_LOG_MODE_IMMEDIATE=y | ||
|
|
||
| west flash |
There was a problem hiding this comment.
Suggested change
| Verify that the Client-Side Certificates required for EAP-TLS are available | |
| .. code-block:: bash | |
| ls -l zephyr/samples/net/wifi/test_certs | |
| cd nrf/samples/wifi/shell | |
| west build -p -b nrf7002dk/nrf5340/cpuapp -- -DEXTRA_CONF_FILE=overlay-enterprise.conf -DCONFIG_WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_DBG=y -DCONFIG_LOG_MODE_IMMEDIATE=y | |
| west flash | |
| To build the nRF70 Series DK for the :ref:`wifi_shell_sample` sample with Enterprise mode, complete the following steps: | |
| 1. Verify that the client-side certificates required for EAP-TLS are available by using the following commands: | |
| .. code-block:: bash | |
| ls -l zephyr/samples/net/wifi/test_certs | |
| cd nrf/samples/wifi/shell | |
| west build -p -b nrf7002dk/nrf5340/cpuapp -- -DEXTRA_CONF_FILE=overlay-enterprise.conf -DCONFIG_WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_DBG=y -DCONFIG_LOG_MODE_IMMEDIATE=y | |
| west flash |
Comment on lines
162
to
174
| To connect to WPA3-Enterprise AP | ||
| --------------------------------- | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| wifi connect -s <SSID> -k 7 -a anon -K whatever -S 2 -w 2 | ||
|
|
||
| example: | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| wifi connect -s WPA3-ENT_ZEPHYR_5 -k 7 -a anon -K whatever -S 2 -w 2 | ||
|
|
There was a problem hiding this comment.
Suggested change
| To connect to WPA3-Enterprise AP | |
| --------------------------------- | |
| .. code-block:: console | |
| wifi connect -s <SSID> -k 7 -a anon -K whatever -S 2 -w 2 | |
| example: | |
| .. code-block:: console | |
| wifi connect -s WPA3-ENT_ZEPHYR_5 -k 7 -a anon -K whatever -S 2 -w 2 | |
| #. Connect to the WPA3-Enterprise AP by using the following commands: | |
| .. code-block:: console | |
| wifi connect -s <SSID> -k 7 -a anon -K whatever -S 2 -w 2 | |
| Example: | |
| .. code-block:: console | |
| wifi connect -s WPA3-ENT_ZEPHYR_5 -k 7 -a anon -K whatever -S 2 -w 2 |
Comment on lines
176
to
187
| To connect the DK to WPA2-Enterprise AP | ||
| --------------------------------------- | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| wifi connect -s <SSID> -k 7 -a anon -K whatever | ||
|
|
||
| example: | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| wifi connect -s WPA2-ENT_ZEPHYR_2 -k 7 -a anon -K whatever |
There was a problem hiding this comment.
Suggested change
| To connect the DK to WPA2-Enterprise AP | |
| --------------------------------------- | |
| .. code-block:: console | |
| wifi connect -s <SSID> -k 7 -a anon -K whatever | |
| example: | |
| .. code-block:: console | |
| wifi connect -s WPA2-ENT_ZEPHYR_2 -k 7 -a anon -K whatever | |
| #. Connect the DK to the WPA2-Enterprise AP by using the following command: | |
| .. code-block:: console | |
| wifi connect -s <SSID> -k 7 -a anon -K whatever | |
| Example: | |
| .. code-block:: console | |
| wifi connect -s WPA2-ENT_ZEPHYR_2 -k 7 -a anon -K whatever |
amar-nordic
force-pushed
the
enterprise_mode_doc
branch
from
ce8fa45 to
b47f8a6
Compare
|
You can find the documentation preview for this PR here. Preview links for modified nRF Connect SDK documents: https://ncsdoc.z6.web.core.windows.net/PR-21222/nrf/app_dev/device_guides/nrf70/wifi_advanced_security_modes.html |
amar-nordic
force-pushed
the
enterprise_mode_doc
branch
from
b47f8a6 to
c3de48b
Compare
amar-nordic
force-pushed
the
enterprise_mode_doc
branch
from
c3de48b to
a28097d
Compare
richabp
requested changes
Apr 1, 2025
| Enterprise mode testing using hostapd | ||
| ====================================== | ||
|
|
||
| Enterprise mode for Wi-Fi® is used in business environments or larger networks, which require enhanced security and centralized management of users by utilizing Public Key Infrastructure (PKI). |
There was a problem hiding this comment.
We add the trademark only at the first occurrence.
Suggested change
| Enterprise mode for Wi-Fi® is used in business environments or larger networks, which require enhanced security and centralized management of users by utilizing Public Key Infrastructure (PKI). | |
| Enterprise mode for Wi-Fi is used in business environments or larger networks, which require enhanced security and centralized management of users by utilizing Public Key Infrastructure (PKI). |
Comment on lines
76
to
83
| To use this mode, ensure that the following prerequisites are met: | ||
|
|
||
| * RADIUS Server in addition to self-signed local certificate(s) and private key for both server-side and client-side (for EAP-TLS). | ||
|
|
||
| * Wi-Fi® Access Point (AP) that supports Enterprise mode. | ||
|
|
||
| * nRF70 Series device with certificates for Enterprise mode available at :file:`zephyr/samples/net/wifi/test_certs` folder. | ||
|
|
There was a problem hiding this comment.
Suggested change
| To use this mode, ensure that the following prerequisites are met: | |
| * RADIUS Server in addition to self-signed local certificate(s) and private key for both server-side and client-side (for EAP-TLS). | |
| * Wi-Fi® Access Point (AP) that supports Enterprise mode. | |
| * nRF70 Series device with certificates for Enterprise mode available at :file:`zephyr/samples/net/wifi/test_certs` folder. | |
| To use this mode, ensure that the following prerequisites are met: | |
| * RADIUS server in addition to self-signed local certificate(s) and private key for both server-side and client-side (for EAP-TLS). | |
| * Wi-Fi Access Point (AP) that supports Enterprise mode. | |
| * nRF70 Series device with certificates for Enterprise mode available in the :file:`zephyr/samples/net/wifi/test_certs` folder. |
| RADIUS server configuration | ||
| --------------------------- | ||
|
|
||
| Hostapd is an open-source user space software that provides an integrated RADIUS server, which can be used to simplify the setup for Enterprise mode. Therefore, in the following example, hostapd is used as a RADIUS server (authentication server) to verify Enterprise mode functionality with the nRF7002 DK, along with commercial or test access points as the Authenticator. |
There was a problem hiding this comment.
Suggested change
| Hostapd is an open-source user space software that provides an integrated RADIUS server, which can be used to simplify the setup for Enterprise mode. Therefore, in the following example, hostapd is used as a RADIUS server (authentication server) to verify Enterprise mode functionality with the nRF7002 DK, along with commercial or test access points as the Authenticator. | |
| Hostapd is an open-source user space software that provides an integrated RADIUS server, which can be used to simplify the setup for Enterprise mode. | |
| Therefore, in the following example, hostapd is used as a RADIUS server (authentication server) to verify Enterprise mode functionality with the nRF7002 DK, along with commercial or test access points as the authenticator. |
Comment on lines
90
to
130
| #. Hostapd installation | ||
|
|
||
| To install hostapd, use the following commands: | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| git clone git://w1.fi/hostap.git | ||
|
|
||
| cd hostap/hostapd | ||
|
|
||
| cp defconfig .config | ||
|
|
||
| #. Edit the :file:`.config` file for hostapd to use it as a RADIUS server by using the following commands: | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| Comment (by adding #) the following configurations | ||
| #CONFIG_DRIVER_HOSTAP=y | ||
| #CONFIG_DRIVER_NL80211=y | ||
| #CONFIG_LIBNL32=y | ||
|
|
||
| Enable the following configurations (by removing # from the front) | ||
| CONFIG_DRIVER_NONE=y | ||
| CONFIG_RADIUS_SERVER=y | ||
| CONFIG_EAP_PSK=y | ||
| CONFIG_EAP_PWD=y | ||
| CONFIG_EAP_GPSK_SHA256=y | ||
| CONFIG_EAP_FAST=y | ||
|
|
||
| Add the following configurations | ||
| CONFIG_PEERKEY=y | ||
| CONFIG_IEEE80211W=y | ||
|
|
||
| Verify required EAP Types are enabled | ||
| "CONFIG_EAP=y" | ||
| "CONFIG_EAP_TLS=y" | ||
| "CONFIG_EAP_PEAP=y" | ||
| "CONFIG_EAP_TTLS=y" |
There was a problem hiding this comment.
Suggested change
| #. Hostapd installation | |
| To install hostapd, use the following commands: | |
| .. code-block:: console | |
| git clone git://w1.fi/hostap.git | |
| cd hostap/hostapd | |
| cp defconfig .config | |
| #. Edit the :file:`.config` file for hostapd to use it as a RADIUS server by using the following commands: | |
| .. code-block:: console | |
| Comment (by adding #) the following configurations | |
| #CONFIG_DRIVER_HOSTAP=y | |
| #CONFIG_DRIVER_NL80211=y | |
| #CONFIG_LIBNL32=y | |
| Enable the following configurations (by removing # from the front) | |
| CONFIG_DRIVER_NONE=y | |
| CONFIG_RADIUS_SERVER=y | |
| CONFIG_EAP_PSK=y | |
| CONFIG_EAP_PWD=y | |
| CONFIG_EAP_GPSK_SHA256=y | |
| CONFIG_EAP_FAST=y | |
| Add the following configurations | |
| CONFIG_PEERKEY=y | |
| CONFIG_IEEE80211W=y | |
| Verify required EAP Types are enabled | |
| "CONFIG_EAP=y" | |
| "CONFIG_EAP_TLS=y" | |
| "CONFIG_EAP_PEAP=y" | |
| "CONFIG_EAP_TTLS=y" | |
| Hostapd installation | |
| -------------------- | |
| To install hostapd, complete the following steps: | |
| 1. Install hostapd by using the following commands: | |
| .. code-block:: console | |
| git clone git://w1.fi/hostap.git | |
| cd hostap/hostapd | |
| cp defconfig .config | |
| #. Edit the :file:`.config` file for hostapd to use it as a RADIUS server by using the following commands: | |
| .. code-block:: console | |
| Comment (by adding #) the following configurations | |
| #CONFIG_DRIVER_HOSTAP=y | |
| #CONFIG_DRIVER_NL80211=y | |
| #CONFIG_LIBNL32=y | |
| Enable the following configurations (by removing # from the front) | |
| CONFIG_DRIVER_NONE=y | |
| CONFIG_RADIUS_SERVER=y | |
| CONFIG_EAP_PSK=y | |
| CONFIG_EAP_PWD=y | |
| CONFIG_EAP_GPSK_SHA256=y | |
| CONFIG_EAP_FAST=y | |
| Add the following configurations | |
| CONFIG_PEERKEY=y | |
| CONFIG_IEEE80211W=y | |
| Verify required EAP Types are enabled | |
| "CONFIG_EAP=y" | |
| "CONFIG_EAP_TLS=y" | |
| "CONFIG_EAP_PEAP=y" | |
| "CONFIG_EAP_TTLS=y" |
Comment on lines
129
to
159
| #. Build the hostapd executable | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| make clean ; make | ||
|
|
||
| #. Copy the certificates for EAP-TLS to the hostapd folder by using the following commands: | ||
|
|
||
| .. code-block:: bash | ||
|
|
||
| cp zephyr/samples/net/wifi/test_certs/* hostap/hostapd/ | ||
|
|
||
| touch hostapd.eap_user_tls | ||
|
|
||
| vim hostapd.eap_user_tls | ||
|
|
||
| $ cat hostapd.eap_user_tls | ||
| # Phase 1 users | ||
| * TLS | ||
|
|
||
| touch tls.conf | ||
|
|
||
| vim tls.conf |
There was a problem hiding this comment.
Suggested change
| #. Build the hostapd executable | |
| .. code-block:: console | |
| make clean ; make | |
| #. Copy the certificates for EAP-TLS to the hostapd folder by using the following commands: | |
| .. code-block:: bash | |
| cp zephyr/samples/net/wifi/test_certs/* hostap/hostapd/ | |
| touch hostapd.eap_user_tls | |
| vim hostapd.eap_user_tls | |
| $ cat hostapd.eap_user_tls | |
| # Phase 1 users | |
| * TLS | |
| touch tls.conf | |
| vim tls.conf | |
| Build the hostapd executable | |
| ---------------------------- | |
| To build the hostapd executable, complete the following steps: | |
| 1. Build the hostapd executable by using the following commands: | |
| .. code-block:: console | |
| make clean ; make | |
| #. Copy the certificates for EAP-TLS to the hostapd folder by using the following commands: | |
| .. code-block:: bash | |
| cp zephyr/samples/net/wifi/test_certs/* hostap/hostapd/ | |
| touch hostapd.eap_user_tls | |
| vim hostapd.eap_user_tls | |
| $ cat hostapd.eap_user_tls | |
| # Phase 1 users | |
| * TLS | |
| touch tls.conf | |
| vim tls.conf |
Comment on lines
186
to
203
| Run hostapd by using the following commands, assuming that **eno1** is the laptop interface connected to the AP (Authenticator) through Ethernet. | ||
|
|
||
| .. code-block:: bash | ||
|
|
||
| ./hostapd -i eno1 tls.conf | ||
|
|
||
| or | ||
|
|
||
| To enable debug messages and Key data | ||
| ./hostapd -i eno1 tls.conf -ddK | ||
|
|
There was a problem hiding this comment.
Do we need to add # before "To enable debug messages and Key data" to comment out?
Suggested change
| Run hostapd by using the following commands, assuming that **eno1** is the laptop interface connected to the AP (Authenticator) through Ethernet. | |
| .. code-block:: bash | |
| ./hostapd -i eno1 tls.conf | |
| or | |
| To enable debug messages and Key data | |
| ./hostapd -i eno1 tls.conf -ddK | |
| Run hostapd by using the following commands, assuming that **eno1** is the laptop interface connected to the AP (authenticator) through Ethernet. | |
| .. code-block:: bash | |
| ./hostapd -i eno1 tls.conf | |
| or | |
| To enable debug messages and Key data | |
| ./hostapd -i eno1 tls.conf -ddK |
Comment on lines
198
to
199
| Wi-Fi® access point configuration | ||
| ---------------------------------- |
There was a problem hiding this comment.
Suggested change
| Wi-Fi® access point configuration | |
| ---------------------------------- | |
| Wi-Fi access point configuration | |
| --------------------------------- |
Comment on lines
203
to
211
| * Server IP address - IP address of the RADIUS (hostapd) server | ||
|
|
||
| * Server port - 1812 | ||
|
|
||
| * Connection secret - whatever | ||
|
|
||
| * PMF - Capable | ||
|
|
||
| Apply the configurations. |
There was a problem hiding this comment.
Suggesting to write the full term for PMF.
I dont think "Apply the configurations." is required.
Suggested change
| * Server IP address - IP address of the RADIUS (hostapd) server | |
| * Server port - 1812 | |
| * Connection secret - whatever | |
| * PMF - Capable | |
| Apply the configurations. | |
| * Server IP address - IP address of the RADIUS (hostapd) server | |
| * Server port - 1812 | |
| * Connection secret - whatever | |
| * PMF - Capable |
|
|
||
| Apply the configurations. | ||
|
|
||
| Build the nRF70 Series DK for shell sample with Enterprise mode |
There was a problem hiding this comment.
Suggested change
| Build the nRF70 Series DK for shell sample with Enterprise mode | |
| Build the nRF70 Series DK for Shell sample with Enterprise mode |
Comment on lines
218
to
253
| #. Verify that the client-side certificates required for EAP-TLS are available by using the following commands: | ||
|
|
||
| .. code-block:: bash | ||
|
|
||
| ls -l zephyr/samples/net/wifi/test_certs | ||
|
|
||
| cd nrf/samples/wifi/shell | ||
|
|
||
| west build -p -b nrf7002dk/nrf5340/cpuapp -- -DEXTRA_CONF_FILE=overlay-enterprise.conf -DCONFIG_WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_DBG=y -DCONFIG_LOG_MODE_IMMEDIATE=y | ||
|
|
||
| west flash | ||
|
|
||
|
|
||
| #. Connect to the WPA3-Enterprise AP by using the following commands: | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| wifi connect -s <SSID> -k 7 -a anon -K whatever -S 2 -w 2 | ||
|
|
||
| Example: | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| wifi connect -s WPA3-ENT_ZEPHYR_5 -k 7 -a anon -K whatever -S 2 -w 2 | ||
|
|
||
|
|
||
| #. Connect the DK to the WPA2-Enterprise AP by using the following command: | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| wifi connect -s <SSID> -k 7 -a anon -K whatever | ||
|
|
||
| Example: | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| wifi connect -s WPA2-ENT_ZEPHYR_2 -k 7 -a anon -K whatever | ||
|
|
There was a problem hiding this comment.
Suggested change
| #. Verify that the client-side certificates required for EAP-TLS are available by using the following commands: | |
| .. code-block:: bash | |
| ls -l zephyr/samples/net/wifi/test_certs | |
| cd nrf/samples/wifi/shell | |
| west build -p -b nrf7002dk/nrf5340/cpuapp -- -DEXTRA_CONF_FILE=overlay-enterprise.conf -DCONFIG_WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_DBG=y -DCONFIG_LOG_MODE_IMMEDIATE=y | |
| west flash | |
| #. Connect to the WPA3-Enterprise AP by using the following commands: | |
| .. code-block:: console | |
| wifi connect -s <SSID> -k 7 -a anon -K whatever -S 2 -w 2 | |
| Example: | |
| .. code-block:: console | |
| wifi connect -s WPA3-ENT_ZEPHYR_5 -k 7 -a anon -K whatever -S 2 -w 2 | |
| #. Connect the DK to the WPA2-Enterprise AP by using the following command: | |
| .. code-block:: console | |
| wifi connect -s <SSID> -k 7 -a anon -K whatever | |
| Example: | |
| .. code-block:: console | |
| wifi connect -s WPA2-ENT_ZEPHYR_2 -k 7 -a anon -K whatever | |
| 1. Verify that the client-side certificates required for EAP-TLS are available by using the following commands: | |
| .. code-block:: bash | |
| ls -l zephyr/samples/net/wifi/test_certs | |
| cd nrf/samples/wifi/shell | |
| west build -p -b nrf7002dk/nrf5340/cpuapp -- -DEXTRA_CONF_FILE=overlay-enterprise.conf -DCONFIG_WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_DBG=y -DCONFIG_LOG_MODE_IMMEDIATE=y | |
| west flash | |
| #. Connect to the WPA3-Enterprise AP by using the following commands: | |
| .. code-block:: console | |
| wifi connect -s <SSID> -k 7 -a anon -K whatever -S 2 -w 2 | |
| Example: | |
| .. code-block:: console | |
| wifi connect -s WPA3-ENT_ZEPHYR_5 -k 7 -a anon -K whatever -S 2 -w 2 | |
| #. Connect the DK to the WPA2-Enterprise AP by using the following command: | |
| .. code-block:: console | |
| wifi connect -s <SSID> -k 7 -a anon -K whatever | |
| Example: | |
| .. code-block:: console | |
| wifi connect -s WPA2-ENT_ZEPHYR_2 -k 7 -a anon -K whatever |
amar-nordic
force-pushed
the
enterprise_mode_doc
branch
from
a28097d to
1836855
Compare
github-actions
bot
removed
the
changelog-entry-required
amar-nordic
force-pushed
the
enterprise_mode_doc
branch
2 times, most recently
from
9aaf3b4 to
a0d217a
Compare
richabp
requested changes
Apr 1, 2025
| @@ -65,6 +65,189 @@ You can use any AAA server for testing purposes, such as FreeRADIUS or hostapd. | |||
|
|
|||
| The certificates are for testing purposes only and should not be used for production. | |||
|
|
|||
| Enterprise mode testing on linux using hostapd | |||
There was a problem hiding this comment.
Suggested change
| Enterprise mode testing on linux using hostapd | |
| .. _ug_nrf70_wifi_enterprise_mode: | |
| Enterprise mode testing on linux using hostapd |
Comment on lines
249
to
250
| * The :ref:`ug_wifi_regulatory_certification` documentation is now moved under :ref:`ug_wifi` protocol page. | ||
| * Added a new section for Enterprise mode testing using hostapd to :ref:`ug_nrf70_wifi_advanced_security_modes` page |
There was a problem hiding this comment.
Suggested change
| * The :ref:`ug_wifi_regulatory_certification` documentation is now moved under :ref:`ug_wifi` protocol page. | |
| * Added a new section for Enterprise mode testing using hostapd to :ref:`ug_nrf70_wifi_advanced_security_modes` page | |
| * Added a new section :ref:`ug_nrf70_wifi_enterprise_mode` in the :ref:`ug_nrf70_wifi_advanced_security_modes` page. | |
| * The :ref:`ug_wifi_regulatory_certification` documentation is now moved under :ref:`ug_wifi` protocol page. |
Comment on lines
88
to
98
| 1. Hostapd installation | ||
|
|
||
| To install hostapd, use the following commands: | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| git clone git://w1.fi/hostap.git | ||
|
|
||
| cd hostap/hostapd | ||
|
|
||
| cp defconfig .config |
There was a problem hiding this comment.
Suggested change
| 1. Hostapd installation | |
| To install hostapd, use the following commands: | |
| .. code-block:: console | |
| git clone git://w1.fi/hostap.git | |
| cd hostap/hostapd | |
| cp defconfig .config | |
| Hostapd installation | |
| -------------------- | |
| To install hostapd, complete the following steps: | |
| 1. Install hostapd by using the following commands: | |
| .. code-block:: console | |
| git clone git://w1.fi/hostap.git | |
| cd hostap/hostapd | |
| cp defconfig .config |
Comment on lines
132
to
136
| 1. Build the hostapd executable by using the following commands: | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| make clean ; make |
There was a problem hiding this comment.
Suggested change
| 1. Build the hostapd executable by using the following commands: | |
| .. code-block:: console | |
| make clean ; make | |
| 1. Build the hostapd executable by using the following commands: | |
| .. code-block:: console | |
| make clean ; make |
Comment on lines
190
to
203
| Run hostapd by using the following commands, assuming that **eno1** is the laptop interface connected to the AP (authenticator) through Ethernet. | ||
|
|
||
| .. code-block:: bash | ||
|
|
||
| ./hostapd -i eno1 tls.conf | ||
|
|
||
| # To enable debug messages and Key data | ||
| ./hostapd -i eno1 tls.conf -ddK | ||
|
|
There was a problem hiding this comment.
Suggested change
| Run hostapd by using the following commands, assuming that **eno1** is the laptop interface connected to the AP (authenticator) through Ethernet. | |
| .. code-block:: bash | |
| ./hostapd -i eno1 tls.conf | |
| # To enable debug messages and Key data | |
| ./hostapd -i eno1 tls.conf -ddK | |
| Run hostapd by using the following commands, assuming that **eno1** is the laptop interface connected to the AP (Authenticator) through Ethernet. | |
| .. code-block:: bash | |
| ./hostapd -i eno1 tls.conf | |
| #To enable debug messages and Key data | |
| ./hostapd -i eno1 tls.conf -ddK |
doc/nrf/app_dev/device_guides/nrf70/wifi_advanced_security_modes.rst
Outdated
Show resolved
Hide resolved
amar-nordic
force-pushed
the
enterprise_mode_doc
branch
from
a0d217a to
d84f64b
Compare
amar-nordic
force-pushed
the
enterprise_mode_doc
branch
from
d84f64b to
a2f6552
Compare
Update the documentation for the wifi for Enterprise-Mode security configuration Signed-off-by: Amit Arora <amit.arora@nordicsemi.no>
amar-nordic
force-pushed
the
enterprise_mode_doc
branch
from
a2f6552 to
6fb833d
Compare
richabp
approved these changes
Apr 2, 2025
bama-nordic
approved these changes
Apr 2, 2025
|
|
||
| Enterprise mode | ||
| ################ | ||
|
|
There was a problem hiding this comment.
Add the below:
.. contents::
:local:
:depth: 2
| PMF - Capable | ||
|
|
||
| Apply the Configurations | ||
|
|
There was a problem hiding this comment.
Please add a pic here of the AP configuration for reference.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.