Wi-Fi Network Management on macOS
Deploy and manage comprehensive Wi-Fi network configurations across your MacFleet devices. This tutorial covers network policy management, security configurations, proxy settings, DNS management, and enterprise-grade network deployment strategies.
Understanding macOS Network Management
macOS provides powerful command-line tools for network management:
networksetup
- Primary tool for network configurationairport
- Advanced Wi-Fi scanning and managementscutil
- System configuration utility for network settings- Network profiles - Enterprise policy-based network management
Basic Wi-Fi Operations
Enable/Disable Wi-Fi Interface
#!/bin/bash
# Enable Wi-Fi interface
enable_wifi() {
echo "Enabling Wi-Fi interface..."
networksetup -setairportpower en0 on
if [[ $? -eq 0 ]]; then
echo "✅ Wi-Fi interface enabled successfully"
return 0
else
echo "❌ Failed to enable Wi-Fi interface"
return 1
fi
}
# Disable Wi-Fi interface
disable_wifi() {
echo "⚠️ Disabling Wi-Fi interface..."
echo "Ensure device has alternative connectivity (Ethernet, etc.)"
networksetup -setairportpower en0 off
if [[ $? -eq 0 ]]; then
echo "✅ Wi-Fi interface disabled successfully"
return 0
else
echo "❌ Failed to disable Wi-Fi interface"
return 1
fi
}
# Usage
enable_wifi
# disable_wifi
Turn Wi-Fi Service On/Off
#!/bin/bash
# Turn Wi-Fi service on (user can still control from menu bar)
turn_wifi_on() {
echo "Turning Wi-Fi service on..."
networksetup -setnetworkserviceenabled Wi-Fi on
if [[ $? -eq 0 ]]; then
echo "✅ Wi-Fi service turned on"
return 0
else
echo "❌ Failed to turn Wi-Fi service on"
return 1
fi
}
# Turn Wi-Fi service off (user can still control from menu bar)
turn_wifi_off() {
echo "Turning Wi-Fi service off..."
networksetup -setnetworkserviceenabled Wi-Fi off
if [[ $? -eq 0 ]]; then
echo "✅ Wi-Fi service turned off"
return 0
else
echo "❌ Failed to turn Wi-Fi service off"
return 1
fi
}
# Check Wi-Fi service status
check_wifi_service() {
echo "Checking Wi-Fi service status..."
local status
status=$(networksetup -getnetworkserviceenabled Wi-Fi)
echo "Wi-Fi service status: $status"
return 0
}
# Usage
check_wifi_service
turn_wifi_on
Wi-Fi Network Information
Get Current Network Information
#!/bin/bash
# Get current Wi-Fi network SSID
get_current_network() {
echo "=== Current Wi-Fi Network ==="
local network_info
network_info=$(networksetup -getairportnetwork en0)
if [[ "$network_info" == *"not associated"* ]]; then
echo "❌ Not connected to any Wi-Fi network"
return 1
else
echo "📶 $network_info"
return 0
fi
}
# Get comprehensive Wi-Fi information
get_wifi_info() {
echo "=== Wi-Fi Network Information ==="
networksetup -getinfo Wi-Fi
echo -e "\n=== Wi-Fi Interface Details ==="
ifconfig en0 | grep -E "(inet |ether |status)"
echo -e "\n=== Wi-Fi Quality ==="
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I
}
# Get available networks
scan_networks() {
echo "=== Available Wi-Fi Networks ==="
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s
}
# Usage
get_current_network
echo ""
get_wifi_info
echo ""
scan_networks
Advanced Network Diagnostics
#!/bin/bash
# Comprehensive network diagnostics
network_diagnostics() {
echo "=== MacFleet Network Diagnostics ==="
echo "Timestamp: $(date)"
echo "Hostname: $(hostname)"
echo "======================================="
# Wi-Fi interface status
echo -e "\n🔍 Wi-Fi Interface Status:"
local wifi_power
wifi_power=$(networksetup -getairportpower en0)
echo "Power: $wifi_power"
local wifi_service
wifi_service=$(networksetup -getnetworkserviceenabled Wi-Fi)
echo "Service: $wifi_service"
# Current connection
echo -e "\n📶 Current Connection:"
networksetup -getairportnetwork en0
# Network configuration
echo -e "\n⚙️ Network Configuration:"
networksetup -getinfo Wi-Fi
# DNS settings
echo -e "\n🌐 DNS Settings:"
networksetup -getdnsservers Wi-Fi
# Proxy settings
echo -e "\n🔒 Proxy Settings:"
networksetup -getwebproxy Wi-Fi
networksetup -getsecurewebproxy Wi-Fi
networksetup -getautoproxyurl Wi-Fi
# Signal quality
echo -e "\n📊 Signal Quality:"
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I | grep -E "(SSID|BSSID|RSSI|noise|CC|channel)"
# Connectivity test
echo -e "\n🌍 Connectivity Test:"
if ping -c 3 8.8.8.8 >/dev/null 2>&1; then
echo "✅ Internet connectivity: Available"
else
echo "❌ Internet connectivity: Failed"
fi
if ping -c 3 apple.com >/dev/null 2>&1; then
echo "✅ DNS resolution: Working"
else
echo "❌ DNS resolution: Failed"
fi
}
# Generate network report
generate_network_report() {
local report_file="/tmp/network_report_$(date +%Y%m%d_%H%M%S).txt"
echo "Generating network report: $report_file"
network_diagnostics > "$report_file"
echo "📄 Network report saved: $report_file"
return 0
}
# Usage
network_diagnostics
Enterprise Wi-Fi Management System
#!/bin/bash
# MacFleet Enterprise Wi-Fi Management System
# Centralized Wi-Fi configuration and policy management for fleet devices
# Configuration
LOG_FILE="/var/log/macfleet_wifi.log"
CONFIG_DIR="/etc/macfleet/wifi"
PROFILES_DIR="$CONFIG_DIR/profiles"
POLICIES_DIR="$CONFIG_DIR/policies"
BACKUP_DIR="/var/backups/network_configs"
# Network profile templates
declare -A NETWORK_PROFILES=(
["corporate"]="security=WPA2Enterprise,proxy=auto,dns=corporate"
["guest"]="security=WPA2Personal,proxy=none,dns=public"
["secure"]="security=WPA2Enterprise,proxy=mandatory,dns=secure"
["development"]="security=WPA2Personal,proxy=bypass,dns=dev"
["public"]="security=none,proxy=auto,dns=public"
)
# DNS server configurations
declare -A DNS_CONFIGS=(
["corporate"]="10.0.1.1 10.0.1.2"
["public"]="8.8.8.8 8.8.4.4"
["secure"]="1.1.1.1 1.0.0.1"
["dev"]="192.168.1.1 8.8.8.8"
)
# Proxy configurations
declare -A PROXY_CONFIGS=(
["corporate_web"]="proxy.company.com:8080:authenticated"
["corporate_auto"]="http://proxy.company.com/proxy.pac"
["guest_web"]="guest-proxy.company.com:3128:none"
)
# Logging function
log_action() {
echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}
# Setup directories
setup_directories() {
for dir in "$CONFIG_DIR" "$PROFILES_DIR" "$POLICIES_DIR" "$BACKUP_DIR"; do
if [[ ! -d "$dir" ]]; then
mkdir -p "$dir"
log_action "Created directory: $dir"
fi
done
}
# Backup current network configuration
backup_network_config() {
local backup_timestamp
backup_timestamp=$(date '+%Y%m%d_%H%M%S')
local backup_file="$BACKUP_DIR/network_config_$backup_timestamp.tar.gz"
log_action "Creating network configuration backup: $backup_file"
# Create temporary backup directory
local temp_backup="/tmp/network_backup_$$"
mkdir -p "$temp_backup"
# Export current settings
{
echo "# Wi-Fi Service Status"
networksetup -getnetworkserviceenabled Wi-Fi
echo -e "\n# Wi-Fi Power Status"
networksetup -getairportpower en0
echo -e "\n# Current Network"
networksetup -getairportnetwork en0
echo -e "\n# Network Info"
networksetup -getinfo Wi-Fi
echo -e "\n# DNS Servers"
networksetup -getdnsservers Wi-Fi
echo -e "\n# Search Domains"
networksetup -getsearchdomains Wi-Fi
echo -e "\n# Web Proxy"
networksetup -getwebproxy Wi-Fi
echo -e "\n# Secure Web Proxy"
networksetup -getsecurewebproxy Wi-Fi
echo -e "\n# Auto Proxy"
networksetup -getautoproxyurl Wi-Fi
echo -e "\n# Proxy Bypass Domains"
networksetup -getproxybypassdomains Wi-Fi
} > "$temp_backup/current_config.txt"
# Create compressed backup
if tar -czf "$backup_file" -C "$(dirname "$temp_backup")" "$(basename "$temp_backup")" 2>/dev/null; then
log_action "✅ Network backup created: $backup_file"
rm -rf "$temp_backup"
echo "$backup_file"
return 0
else
log_action "❌ Network backup failed"
rm -rf "$temp_backup"
return 1
fi
}
# Configure DNS servers
configure_dns() {
local dns_profile="$1"
local custom_dns="$2"
log_action "Configuring DNS servers: $dns_profile"
local dns_servers
if [[ -n "$custom_dns" ]]; then
dns_servers="$custom_dns"
else
dns_servers="${DNS_CONFIGS[$dns_profile]}"
fi
if [[ -z "$dns_servers" ]]; then
log_action "❌ Unknown DNS profile or empty configuration: $dns_profile"
return 1
fi
# Set DNS servers
if networksetup -setdnsservers Wi-Fi $dns_servers; then
log_action "✅ DNS servers configured: $dns_servers"
# Verify configuration
local current_dns
current_dns=$(networksetup -getdnsservers Wi-Fi)
log_action "Current DNS servers: $current_dns"
return 0
else
log_action "❌ Failed to configure DNS servers"
return 1
fi
}
# Configure search domains
configure_search_domains() {
local domains="$*"
if [[ -z "$domains" ]]; then
log_action "Clearing search domains"
networksetup -setsearchdomains Wi-Fi "Empty"
else
log_action "Setting search domains: $domains"
networksetup -setsearchdomains Wi-Fi $domains
fi
if [[ $? -eq 0 ]]; then
log_action "✅ Search domains configured successfully"
return 0
else
log_action "❌ Failed to configure search domains"
return 1
fi
}
# Configure web proxy
configure_web_proxy() {
local proxy_type="$1"
local proxy_config="$2"
log_action "Configuring web proxy: $proxy_type"
case "$proxy_type" in
"none")
# Disable all proxies
networksetup -setwebproxystate Wi-Fi off
networksetup -setsecurewebproxystate Wi-Fi off
networksetup -setautoproxystate Wi-Fi off
log_action "✅ All proxies disabled"
;;
"web")
local proxy_server proxy_port auth_required username password
IFS=':' read -ra PROXY_PARTS <<< "$proxy_config"
proxy_server="${PROXY_PARTS[0]}"
proxy_port="${PROXY_PARTS[1]}"
auth_required="${PROXY_PARTS[2]}"
username="${PROXY_PARTS[3]:-}"
password="${PROXY_PARTS[4]:-}"
if [[ "$auth_required" == "authenticated" && -n "$username" && -n "$password" ]]; then
networksetup -setwebproxy Wi-Fi "$proxy_server" "$proxy_port" on "$username" "$password"
else
networksetup -setwebproxy Wi-Fi "$proxy_server" "$proxy_port" off
fi
networksetup -setwebproxystate Wi-Fi on
log_action "✅ Web proxy configured: $proxy_server:$proxy_port"
;;
"auto")
networksetup -setautoproxyurl Wi-Fi "$proxy_config"
networksetup -setautoproxystate Wi-Fi on
log_action "✅ Automatic proxy configured: $proxy_config"
;;
*)
log_action "❌ Unknown proxy type: $proxy_type"
return 1
;;
esac
return 0
}
# Configure proxy bypass domains
configure_proxy_bypass() {
local domains="$*"
log_action "Configuring proxy bypass domains: $domains"
if [[ -n "$domains" ]]; then
networksetup -setproxybypassdomains Wi-Fi $domains
else
networksetup -setproxybypassdomains Wi-Fi "Empty"
fi
if [[ $? -eq 0 ]]; then
log_action "✅ Proxy bypass domains configured"
return 0
else
log_action "❌ Failed to configure proxy bypass domains"
return 1
fi
}
# Deploy network profile
deploy_network_profile() {
local profile_name="$1"
local custom_settings="$2"
log_action "Deploying network profile: $profile_name"
# Get profile configuration
local profile_config="${NETWORK_PROFILES[$profile_name]}"
if [[ -z "$profile_config" ]]; then
log_action "❌ Unknown network profile: $profile_name"
return 1
fi
# Backup current configuration
local backup_file
backup_file=$(backup_network_config)
# Parse profile settings
local dns_setting proxy_setting security_setting
IFS=',' read -ra SETTINGS <<< "$profile_config"
for setting in "${SETTINGS[@]}"; do
IFS='=' read -ra SETTING_PAIR <<< "$setting"
local key="${SETTING_PAIR[0]}"
local value="${SETTING_PAIR[1]}"
case "$key" in
"dns")
configure_dns "$value"
;;
"proxy")
case "$value" in
"auto")
configure_web_proxy "auto" "${PROXY_CONFIGS[corporate_auto]}"
;;
"mandatory")
configure_web_proxy "web" "${PROXY_CONFIGS[corporate_web]}"
;;
"none")
configure_web_proxy "none"
;;
"bypass")
configure_web_proxy "none"
configure_proxy_bypass "*.local *.company.com localhost"
;;
esac
;;
"security")
log_action "Security setting: $value (requires manual Wi-Fi connection)"
;;
esac
done
# Apply custom settings if provided
if [[ -n "$custom_settings" ]]; then
log_action "Applying custom settings: $custom_settings"
# Parse and apply custom settings here
fi
# Generate deployment report
generate_profile_report "$profile_name" "$backup_file"
log_action "✅ Network profile deployed: $profile_name"
return 0
}
# Generate profile deployment report
generate_profile_report() {
local profile_name="$1"
local backup_file="$2"
local report_file="$CONFIG_DIR/profile_report_$(date '+%Y%m%d_%H%M%S').json"
log_action "Generating profile deployment report: $report_file"
cat > "$report_file" << EOF
{
"deployment_metadata": {
"timestamp": "$(date -Iseconds)",
"profile_name": "$profile_name",
"hostname": "$(hostname)",
"backup_file": "$backup_file",
"generator": "MacFleet Wi-Fi Manager"
},
"network_configuration": {
"wifi_service_enabled": "$(networksetup -getnetworkserviceenabled Wi-Fi)",
"wifi_power_status": "$(networksetup -getairportpower en0)",
"current_network": "$(networksetup -getairportnetwork en0)",
"dns_servers": "$(networksetup -getdnsservers Wi-Fi | tr '\n' ' ')",
"search_domains": "$(networksetup -getsearchdomains Wi-Fi | tr '\n' ' ')",
"web_proxy_state": "$(networksetup -getwebproxystate Wi-Fi)",
"auto_proxy_state": "$(networksetup -getautoproxystate Wi-Fi)"
},
"system_info": {
"os_version": "$(sw_vers -productVersion)",
"build_version": "$(sw_vers -buildVersion)",
"serial_number": "$(system_profiler SPHardwareDataType | grep 'Serial Number' | awk '{print $4}')",
"wifi_hardware": "$(system_profiler SPAirPortDataType | grep 'Card Type' | awk -F': ' '{print $2}')"
}
}
EOF
log_action "✅ Profile deployment report generated: $report_file"
echo "$report_file"
}
# Monitor network connectivity
monitor_connectivity() {
local test_hosts=("8.8.8.8" "apple.com" "github.com")
local connectivity_report="$CONFIG_DIR/connectivity_$(date '+%Y%m%d_%H%M%S').json"
log_action "Starting connectivity monitoring"
cat > "$connectivity_report" << EOF
{
"monitoring_timestamp": "$(date -Iseconds)",
"hostname": "$(hostname)",
"connectivity_tests": [
EOF
local first=true
for host in "${test_hosts[@]}"; do
if [[ "$first" == true ]]; then
first=false
else
echo "," >> "$connectivity_report"
fi
local start_time end_time duration result
start_time=$(date +%s.%N)
if ping -c 3 -W 5000 "$host" >/dev/null 2>&1; then
result="success"
else
result="failed"
fi
end_time=$(date +%s.%N)
duration=$(awk "BEGIN {printf \"%.3f\", $end_time - $start_time}")
cat >> "$connectivity_report" << EOF
{
"host": "$host",
"result": "$result",
"duration_seconds": $duration,
"timestamp": "$(date -Iseconds)"
}
EOF
log_action "Connectivity test: $host - $result ($duration seconds)"
done
cat >> "$connectivity_report" << EOF
],
"network_status": {
"current_ssid": "$(networksetup -getairportnetwork en0 | cut -d' ' -f4- || echo 'Not connected')",
"signal_strength": "$(airport -I | grep ' RSSI:' | awk '{print $2}' || echo 'N/A')",
"ip_address": "$(ifconfig en0 | grep 'inet ' | awk '{print $2}' || echo 'N/A')"
}
}
EOF
log_action "✅ Connectivity monitoring completed: $connectivity_report"
echo "$connectivity_report"
}
# Wi-Fi security scan
security_scan() {
local scan_report="$CONFIG_DIR/security_scan_$(date '+%Y%m%d_%H%M%S').json"
log_action "Starting Wi-Fi security scan"
# Scan for available networks
local available_networks
available_networks=$(/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s)
cat > "$scan_report" << EOF
{
"scan_timestamp": "$(date -Iseconds)",
"hostname": "$(hostname)",
"security_analysis": {
"open_networks": [],
"wep_networks": [],
"wpa_networks": [],
"enterprise_networks": []
},
"network_details": [
EOF
# Parse networks and categorize by security
echo "$available_networks" | tail -n +2 | while IFS= read -r line; do
local ssid security
ssid=$(echo "$line" | awk '{print $1}')
security=$(echo "$line" | awk '{for(i=7;i<=NF;i++) printf "%s ", $i; print ""}' | sed 's/[[:space:]]*$//')
if [[ -n "$ssid" && "$ssid" != "SSID" ]]; then
echo "Found network: $ssid - Security: $security" >&2
fi
done
cat >> "$scan_report" << EOF
]
}
EOF
log_action "✅ Wi-Fi security scan completed: $scan_report"
echo "$scan_report"
}
# Reset network configuration
reset_network_config() {
local reset_type="${1:-partial}"
log_action "Resetting network configuration: $reset_type"
# Backup before reset
backup_network_config
case "$reset_type" in
"dns")
log_action "Resetting DNS configuration"
networksetup -setdnsservers Wi-Fi "Empty"
networksetup -setsearchdomains Wi-Fi "Empty"
;;
"proxy")
log_action "Resetting proxy configuration"
networksetup -setwebproxystate Wi-Fi off
networksetup -setsecurewebproxystate Wi-Fi off
networksetup -setautoproxystate Wi-Fi off
networksetup -setproxybypassdomains Wi-Fi "Empty"
;;
"full")
log_action "Performing full network reset"
# Reset all network settings
networksetup -setdnsservers Wi-Fi "Empty"
networksetup -setsearchdomains Wi-Fi "Empty"
networksetup -setwebproxystate Wi-Fi off
networksetup -setsecurewebproxystate Wi-Fi off
networksetup -setautoproxystate Wi-Fi off
networksetup -setproxybypassdomains Wi-Fi "Empty"
# Reset Wi-Fi interface
networksetup -setairportpower en0 off
sleep 2
networksetup -setairportpower en0 on
;;
*)
log_action "Resetting DNS and proxy settings"
networksetup -setdnsservers Wi-Fi "Empty"
networksetup -setwebproxystate Wi-Fi off
;;
esac
log_action "✅ Network configuration reset completed"
return 0
}
# Main execution function
main() {
local action="${1:-status}"
local profile_name="$2"
local additional_param="$3"
log_action "=== MacFleet Wi-Fi Management Started ==="
log_action "Action: $action"
log_action "Profile: ${profile_name:-N/A}"
# Setup
setup_directories
case "$action" in
"deploy")
if [[ -z "$profile_name" ]]; then
echo "Available network profiles:"
for profile in "${!NETWORK_PROFILES[@]}"; do
echo " - $profile: ${NETWORK_PROFILES[$profile]}"
done
echo ""
echo "Usage: $0 deploy <profile_name> [custom_settings]"
exit 1
fi
deploy_network_profile "$profile_name" "$additional_param"
;;
"status")
network_diagnostics
;;
"scan")
security_scan
;;
"monitor")
monitor_connectivity
;;
"dns")
if [[ -z "$profile_name" ]]; then
echo "Available DNS profiles: ${!DNS_CONFIGS[*]}"
echo "Usage: $0 dns <profile_name|custom_servers>"
exit 1
fi
configure_dns "$profile_name" "$additional_param"
;;
"proxy")
if [[ -z "$profile_name" ]]; then
echo "Usage: $0 proxy <none|web|auto> [config]"
exit 1
fi
configure_web_proxy "$profile_name" "$additional_param"
;;
"reset")
reset_network_config "$profile_name"
;;
"backup")
backup_network_config
;;
*)
echo "Usage: $0 {deploy|status|scan|monitor|dns|proxy|reset|backup}"
echo " deploy - Deploy network profile"
echo " status - Show network status and diagnostics"
echo " scan - Perform Wi-Fi security scan"
echo " monitor - Monitor network connectivity"
echo " dns - Configure DNS servers"
echo " proxy - Configure proxy settings"
echo " reset - Reset network configuration"
echo " backup - Backup current network configuration"
exit 1
;;
esac
log_action "=== Wi-Fi management completed ==="
}
# Execute main function
main "$@"
Advanced Network Configuration
Enterprise Wi-Fi Profile Management
#!/bin/bash
# Create custom network profile
create_network_profile() {
local profile_name="$1"
local ssid="$2"
local security_type="$3"
local proxy_config="$4"
local dns_config="$5"
local profile_file="$PROFILES_DIR/${profile_name}.json"
cat > "$profile_file" << EOF
{
"profile_name": "$profile_name",
"created_date": "$(date -Iseconds)",
"wifi_settings": {
"ssid": "$ssid",
"security_type": "$security_type",
"auto_connect": true,
"priority": 100
},
"proxy_settings": {
"type": "$proxy_config",
"auto_config_url": "",
"manual_config": {
"server": "",
"port": "",
"requires_auth": false
},
"bypass_domains": ["*.local", "localhost"]
},
"dns_settings": {
"servers": "$dns_config",
"search_domains": ["company.com", "local"]
},
"security_policies": {
"require_certificate": false,
"allow_untrusted": false,
"minimum_security": "WPA2"
}
}
EOF
echo "Network profile created: $profile_file"
}
Automated Network Switching
#!/bin/bash
# Smart network switching based on location/SSID priority
smart_network_switching() {
local priority_networks=("Corporate-WiFi" "Corporate-Guest" "Office-5G")
local current_network
current_network=$(networksetup -getairportnetwork en0 | cut -d' ' -f4-)
echo "Current network: $current_network"
echo "Scanning for priority networks..."
# Get available networks
local available_networks
available_networks=$(/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s | tail -n +2 | awk '{print $1}')
# Check for priority networks
for priority_ssid in "${priority_networks[@]}"; do
if echo "$available_networks" | grep -q "$priority_ssid"; then
if [[ "$current_network" != "$priority_ssid" ]]; then
echo "Found higher priority network: $priority_ssid"
echo "Would switch from: $current_network"
# Note: Actual connection requires credentials
return 0
fi
fi
done
echo "Already connected to optimal network"
}
Network Quality Monitoring
#!/bin/bash
# Monitor network quality and performance
monitor_network_quality() {
local duration="${1:-60}" # monitoring duration in seconds
local interval="${2:-5}" # check interval in seconds
echo "=== Network Quality Monitoring ==="
echo "Duration: ${duration}s, Interval: ${interval}s"
local start_time end_time
start_time=$(date +%s)
end_time=$((start_time + duration))
while [[ $(date +%s) -lt $end_time ]]; do
local timestamp signal_strength link_quality tx_rate
timestamp=$(date '+%H:%M:%S')
# Get Wi-Fi metrics
local airport_info
airport_info=$(/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I)
signal_strength=$(echo "$airport_info" | grep 'RSSI:' | awk '{print $2}')
link_quality=$(echo "$airport_info" | grep 'link auth:' | awk '{print $3}')
tx_rate=$(echo "$airport_info" | grep 'lastTxRate:' | awk '{print $2}')
# Test connectivity speed
local ping_time
ping_time=$(ping -c 1 8.8.8.8 2>/dev/null | grep 'time=' | awk -F'time=' '{print $2}' | awk '{print $1}')
printf "%s | Signal: %sdBm | Quality: %s | Speed: %sMbps | Ping: %s\n" \
"$timestamp" "$signal_strength" "$link_quality" "$tx_rate" "${ping_time:-timeout}"
sleep "$interval"
done
}
Security and Compliance
Network Security Audit
#!/bin/bash
# Comprehensive network security audit
network_security_audit() {
local audit_report="$CONFIG_DIR/security_audit_$(date '+%Y%m%d_%H%M%S').json"
echo "=== Network Security Audit ==="
log_action "Starting network security audit"
cat > "$audit_report" << EOF
{
"audit_timestamp": "$(date -Iseconds)",
"hostname": "$(hostname)",
"security_assessment": {
"wifi_encryption": "$(networksetup -getairportnetwork en0 | grep -o 'WPA\\|WEP\\|None' || echo 'Unknown')",
"proxy_enabled": "$(networksetup -getwebproxystate Wi-Fi)",
"dns_servers": "$(networksetup -getdnsservers Wi-Fi | tr '\n' ',' | sed 's/,$//')",
"firewall_status": "$(defaults read /Library/Preferences/com.apple.alf globalstate 2>/dev/null || echo 'Unknown')"
},
"vulnerability_checks": [
EOF
# Check for open networks in range
local open_networks
open_networks=$(/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s | grep -E 'NONE|--' | wc -l)
# Check for weak DNS
local dns_servers
dns_servers=$(networksetup -getdnsservers Wi-Fi)
# Generate security recommendations
local recommendations=()
if [[ "$open_networks" -gt 0 ]]; then
recommendations+=("Avoid connecting to $open_networks open networks detected")
fi
if echo "$dns_servers" | grep -q "There aren't any DNS Servers"; then
recommendations+=("Configure secure DNS servers")
fi
cat >> "$audit_report" << EOF
],
"recommendations": [
EOF
local first=true
for rec in "${recommendations[@]}"; do
if [[ "$first" == true ]]; then
first=false
else
echo "," >> "$audit_report"
fi
echo " \"$rec\"" >> "$audit_report"
done
cat >> "$audit_report" << EOF
]
}
EOF
log_action "✅ Security audit completed: $audit_report"
echo "$audit_report"
}
Compliance Policy Enforcement
#!/bin/bash
# Enforce enterprise compliance policies
enforce_compliance_policy() {
local policy_name="$1"
log_action "Enforcing compliance policy: $policy_name"
case "$policy_name" in
"corporate")
# Corporate policy: Secure DNS, mandatory proxy, no open networks
configure_dns "corporate"
configure_web_proxy "web" "${PROXY_CONFIGS[corporate_web]}"
configure_proxy_bypass "*.company.com localhost"
;;
"education")
# Education policy: Safe DNS, content filtering proxy
configure_dns "public"
configure_web_proxy "auto" "http://filter.school.edu/proxy.pac"
;;
"healthcare")
# Healthcare policy: HIPAA-compliant settings
configure_dns "secure"
configure_web_proxy "web" "secure-proxy.hospital.org:8080:authenticated"
;;
"government")
# Government policy: Maximum security
configure_dns "secure"
configure_web_proxy "web" "gov-proxy.agency.gov:3128:authenticated"
configure_proxy_bypass "" # No bypass domains
;;
*)
log_action "❌ Unknown compliance policy: $policy_name"
return 1
;;
esac
log_action "✅ Compliance policy enforced: $policy_name"
return 0
}
Network Troubleshooting
Automated Network Repair
#!/bin/bash
# Automated network troubleshooting and repair
network_repair() {
local repair_level="${1:-basic}"
log_action "Starting network repair: $repair_level"
echo "=== MacFleet Network Repair ==="
# Basic connectivity test
echo "🔍 Testing basic connectivity..."
if ping -c 3 8.8.8.8 >/dev/null 2>&1; then
echo "✅ Internet connectivity: OK"
else
echo "❌ Internet connectivity: FAILED"
case "$repair_level" in
"basic")
echo "🔧 Attempting basic repair..."
# Cycle Wi-Fi
networksetup -setairportpower en0 off
sleep 3
networksetup -setairportpower en0 on
sleep 5
;;
"advanced")
echo "🔧 Attempting advanced repair..."
# Full network reset
reset_network_config "full"
sleep 10
;;
"complete")
echo "🔧 Attempting complete repair..."
# Reset network preferences
sudo rm -f /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist
sudo rm -f /Library/Preferences/SystemConfiguration/NetworkInterfaces.plist
echo "⚠️ System restart required for complete repair"
;;
esac
# Retest after repair
echo "🔄 Retesting connectivity..."
if ping -c 3 8.8.8.8 >/dev/null 2>&1; then
echo "✅ Repair successful"
log_action "Network repair successful: $repair_level"
else
echo "❌ Repair failed - escalate to manual intervention"
log_action "Network repair failed: $repair_level"
fi
fi
}
Network Performance Optimization
#!/bin/bash
# Optimize network performance settings
optimize_network_performance() {
echo "=== Network Performance Optimization ==="
# Check current MTU
local current_mtu
current_mtu=$(networksetup -getMTU Wi-Fi | awk '{print $NF}')
echo "Current MTU: $current_mtu"
# Optimize for different scenarios
local optimization_type="${1:-balanced}"
case "$optimization_type" in
"throughput")
echo "🚀 Optimizing for maximum throughput..."
networksetup -setMTU Wi-Fi 1500
;;
"latency")
echo "⚡ Optimizing for low latency..."
networksetup -setMTU Wi-Fi 1200
;;
"balanced")
echo "⚖️ Applying balanced optimization..."
networksetup -setMTU Wi-Fi 1400
;;
*)
echo "❌ Unknown optimization type: $optimization_type"
return 1
;;
esac
# Clear DNS cache
echo "🧹 Clearing DNS cache..."
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
echo "✅ Network optimization completed"
}
Best Practices
🚀 Performance Optimization
- Monitor network quality regularly and switch to optimal networks
- Configure appropriate MTU sizes for your network environment
- Use local DNS caching to improve resolution speeds
- Optimize proxy settings for your specific use case
🔐 Security Guidelines
- Always use encrypted networks (WPA2/WPA3) in enterprise environments
- Configure secure DNS servers to prevent DNS poisoning
- Implement proxy policies for content filtering and security
- Regular security audits to identify network vulnerabilities
📋 Management Best Practices
- Profile-based configuration for different user groups and locations
- Centralized policy enforcement across all fleet devices
- Regular backup of network configurations before changes
- Automated monitoring and alerting for connectivity issues
🔍 Troubleshooting Tips
- Use network diagnostics to identify configuration issues
- Monitor signal strength and network quality metrics
- Test connectivity to multiple endpoints for comprehensive validation
- Document network changes for audit trails and troubleshooting
Important Notes
- Network changes take effect immediately but may require reconnection
- Proxy authentication credentials should be managed securely
- DNS changes may require cache flushing to take effect
- Some enterprise networks require specific certificates for authentication
- Always backup configurations before making significant changes