Version v23.10.78326

5 Wi-Fi use cases

Supported modulesSoftware versions
NORA-W36v1.0.0 onwards

The following Wi-Fi use case, shows some functionality to get started with Wi-Fi Station and Access Point.

The following examples use the MAC address below, this must be replaced by the real MAC address of the devices that are used. - Station MAC address: AAAAAAAAAAAA - Access Point MAC address: BBBBBBBBBBB

5.1 Wi-Fi station

wi-fi-ap Connect as a Wi-Fi station to an Access Point to get access to network.
The connection use DHCP client as default, to use static IP use AT+UWSIPS to set the IP address, gateway, subnet mask and DNS.
wi-fi-station

NrInstructionsAT commandAT event
1Set SSID for the NetworkAT+UWSCP=0,"NORA-W36 Access Point"
2Set the Password, minimum WPA2
and DHCP client is default
AT+UWSSW=0,"mypassword",0
3Connect Wi-Fi stationAT+UWSC=0
4Wait for Wi-Fi interface+UEWLU:0,BBBBBBBBBBB,6
5Wait for Network interface+UEWSNU
6Check IP address (optional)AT+UWSNST=0+UWSNST:0,192.168.1.100
7Check RSSI (optional)AT+UWSST=4+UWSST:4,-66
8It is now possible to connect TCP, UDP
and send and receive data using String or Binary mode.
It is also possible to connect MQTT
9Disconnect Wi-Fi stationAT+UWSDC
  • Note: If NORA-W36 should connect to Wi-Fi at startup the Connect, Store and Reset should be send, AT+UWSC=0, AT&W and AT+CPWROFF, the current Wi-Fi Station state is be stored in flash and NORA-W36 will try to connect using the stored SSID and password at startup

5.2 Wi-Fi access point

wi-fi-ap This use case NORA-W36 act as a Wi-Fi Access Point to let Wi-Fi Stations connect and send and receive data to NORA-W36.
The Wi-Fi connection has WPA2 and DHCP server (connected stations will get a 192.168.1.100 + x IP address) as default.
wi-fi-ap

NrInstructionsAT commandAT event
1Set SSID and channel for the Network
and use channel 6
AT+UWAPCP="NORA-W36 Access Point",6
2Set the Password, using WPA2AT+UWAPSW="mypassword"
3Activate Wi-Fi Access point
DHCP Server is enabled by default
AT+UWAPA
4Wait for Access Point+UEWAPU
5Wait for Network interface+UEWAPNU
6Check IP address of the AP (optional)AT+UWAPNST=0+UWAPNST:0,192.168.1.80
7Station connected+UEWAPSA:AAAAAAAAAAAA
8It is now possible to connect TCP, UDP
and send and receive data using String or Binary mode.
It is also possible to connect MQTT
9Station disconnect+UEWAPSDA:AAAAAAAAAAAA
10Deactivate Wi-Fi Access PointAT+UWAPD
  • Note: If NORA-W36 should activate Wi-Fi Access Point at startup the Activate, Store and Reset should be send, AT+UWAPA, AT&W and AT+CPWROFF, the current Wi-Fi Access Point state is be stored in flash and NORA-W36 will activate the Access Point using the stored SSID and password at startup

5.3 Wi-Fi TCP client

  • ATE0 turn of AT command echo to speed up the data transmission in AT mode, the written data is not echoed back to the host, and the also for making the parsing easier
  • It is possible to connect using host name like AT+USOC=0,www.u-blox.com,80 or using ip address AT+USOC=0,75.2.60.5,80
  • TCP is bidirectional and both send and receive is possible from TCP client and server

TCP is bidirectional and one socket can both send and receive data. | Nr| Instructions | AT command | AT event | |—|——————————————-|———————————–|——————————| | 1 | Create a TCP socket | AT+USOCR=6 | +USOCR:0 | 2 | Connect using TCP port 5003 | AT+USOC=0,192.168.0.200,5003 | +UESOC:0 | 3 | It is now possible to send and receive data using String or Binary mode | | | 4 | Close TCP socket | AT+USOCL=0 | +UESOCL:0 | 

5.4 Wi-Fi TCP server (listener)

NrInstructionsAT commandAT event
1Create a TCP socketAT+USOCR=6+USOCR:0
2Start TCP server (listener) on port 5003AT+USOL=0,5003+UESOC:0
3Incoming TCP connection, a new handle 1 to communicate with the connection+UESOIC:0,192.168.1.100,1
4It is now possible to send and receive data using String or Binary mode
5TCP connection is closed from remote side+UESOCL:1
6Close TCP listenerAT+USOCL=0+UESOCL:0

5.5 Wi-Fi UDP client

  • It is possible to connect using host name like AT+USOC=0,www.u-blox.com,80 or using ip address AT+USOC=0,75.2.60.5,80
  • Note that UDP is not bi-directional as TCP, both an outgoing and incoming socket, AT+USOL are needed to be both be able to send and receive data on UDP.
NrInstructionsAT commandAT event
1Create a UDP socketAT+USOCR=17+USOCR:0
2Connect using UDP port 5003AT+USOC=0,192.168.0.200,5003+UESOC:0
3It is now possible to send data using String or Binary mode
4Close UDP socketAT+USOCL=0+UESOCL:0

5.6 Wi-Fi UDP server (listener)

NrInstructionsAT commandAT event
1Create a UDP socketAT+USOCR=17+USOCR:0
2Start UDP server (listener) on port 5003AT+USOL=0,5003+UESOC:0
3It is now possible to receive data using String or Binary mode
4Close UDP listenerAT+USOCL=0+UESOCL:0

5.7 Wi-Fi TCP using TLS without certificates

  • Note that some TLS Extensions are enabled by default and in some on some (mostly older) TLS servers they are not supported, https://www.rfc-editor.org/rfc/rfc6066.html
  • Those are Server Name Indication and Maximum Fragment Length Negotiation they can be disabled with
  • AT+USETE0=0 Server Name Indication, 0: Disable - 1: Enable (default)
  • AT+USETE1=0 Maximum Fragment Length Negotiation, 0: Disable - 1: Enable (default)
  • All other Extension are disabled and not supported.
  • It is possible to connect using host name like AT+USOC=0,www.u-blox.com,80 or using ip address AT+USOC=0,75.2.60.5,80

TCP is bidirectional and one socket can both send and receive data. | Nr| Instructions | AT command | AT event | |—|——————————————-|———————————–|——————————| | 1 | Create a TCP socket | AT+USOCR=6 | +USOCR:0 | 2 | Add a TLS context to a socket | AT+USOTLS=0,1 | | 3 | Connect using TCP port 433 | AT+USOC=0,www.u-blox.com,433 | +UESOC:0 | 4 | It is now possible to send data using String or Binary mode | | | 5 | Close TCP socket | AT+USOCL=0 | +UESOCL:0 | 

5.8 Wi-Fi TCP using TLS with certificates

TCP is bidirectional and one socket can both send and receive data. | Nr| Instructions | AT command | AT event | |—|——————————————-|———————————–|——————————| | 1| Write a X.509 certificate and private key using Binary data | AT+USECUB=0,"ca.pem"[send binary content of "ca.pem"]
AT+USECUB=1,"client.pem"[send binary content of "client.pem"]
AT+USECUB=2,"client.key"[send binary content of "client.key"]
See Binary data for more information, note that the brackets “[” and ”]”
should NOT be sent, they are just here in this example | | 2 | Create a TCP socket | AT+USOCR=6 | +USOCR:0 | 3 |Add a TLS context to a socket and certificates | AT+USOTLS=0,1,"ca.pem","client.pem","client.key" | | 4 | Connect using TCP port 433 | AT+USOC=0,www.u-blox.com,433 | +UESOC:0 | 5 | It is now possible to send data using String or Binary mode | | | 6 | Close TCP socket | AT+USOCL=0 | +UESOCL:0 | 

5.9 Create own certificates using OpenSSL

Here is some example to cerate own certificates using OpenSSL https://www.openssl.org/. It shows how to use 2048 or 4096 bit keys length.

Create root CA key Generate 2048 key size: openssl genrsa -out ca.key 2048

or

Generate 4096 key size: openssl genrsa -out ca.key 4096

Create the root CA based on ca.key: openssl req -x509 -sha256 -new -nodes -key ca.key -days 3650 -out ca.pem

Create server certificate Create the server certificate signing request (CSR) for 2048 key size: openssl req -newkey rsa:2048 -keyout server.key -out server.csr -nodes

or

Create the server certificate signing request (CSR) for 4096 key size: openssl req -newkey rsa:4096 -keyout server.key -out server.csr -nodes

Create the server certificate using root CA and server csr, valid for 10 years: openssl x509 -req -CA ca.pem -CAkey ca.key -in server.csr -out server.pem -days 3650 -CAcreateserial

Create client certificate

Create the client certificate signing request (CSR) for 2048 key size: openssl req -newkey rsa:2048 -keyout client.key -out client.csr -nodes

or

Create the client certificate signing request (CSR) for 4096 key size: openssl req -newkey rsa:4096 -keyout client.key -out client.csr -nodes

Create the client certificate using root CA and client csr, valid for 10 years: openssl x509 -req -CA ca.pem -CAkey ca.key -in client.csr -out client.pem -days 3650 -CAcreateserial

Set up a local TLS 1.2 server (without CA validation in this case): winpty openssl s_server -CAfile ca.pem -key server.key -cert server.pem -accept 44330 -tls1_2 -state -Verify 1

Connect to the a local TLS 1.2 server, just to try the connection (without CA validation in this case): winpty openssl s_client -connect localhost:44330 -CAfile ca.pem -key client.key -cert client.pem -tls1_2

Check the key size of the CA certificate: openssl x509 -in ca.pem -text -noout | grep "Public-Key" RSA Public-Key: (4096 bit)

Check the key size of the client certificate: openssl x509 -in client.pem -text -noout | grep "Public-Key" RSA Public-Key: (4096 bit)

Check the size of the client key: openssl rsa -in client.key -text -noout | grep "Private-Key" RSA Private-Key: (4096 bit, 2 primes)