Hi jnettlet,
Here is the hostapd.conf file settings.
hostapd configuration file
Empty lines and lines starting with # are ignored
AP netdevice name (without ‘ap’ postfix, i.e., wlan0 uses wlan0ap for
management frames with the Host AP driver); wlan0 with many nl80211 drivers
Note: This attribute can be overridden by the values supplied with the ‘-i’
command line parameter.
interface=wlan0
In case of atheros and nl80211 driver interfaces, an additional
configuration parameter, bridge, may be used to notify hostapd if the
interface is included in a bridge. This parameter is not used with Host AP
driver. If the bridge parameter is not set, the drivers will automatically
figure out the bridge interface (assuming sysfs is enabled and mounted to
/sys) and this parameter may not be needed.
For nl80211, this parameter can be used to request the AP interface to be
added to the bridge automatically (brctl may refuse to do this before hostapd
has been started to change the interface mode). If needed, the bridge
interface is also created.
#bridge=br0
Driver interface type (hostap/wired/none/nl80211/bsd);
default: hostap). nl80211 is used with all Linux mac80211 drivers.
Use driver=none if building hostapd as a standalone RADIUS server that does
not control any wireless/wired driver.
driver=hostap
Driver interface parameters (mainly for development testing use)
driver_params=
hostapd event logger configuration
Two output method: syslog and stdout (only usable if not forking to
background).
Module bitfield (ORed bitfield of modules that will be logged; -1 = all
modules):
bit 0 (1) = IEEE 802.11
bit 1 (2) = IEEE 802.1X
bit 2 (4) = RADIUS
bit 3 (8) = WPA
bit 4 (16) = driver interface
bit 6 (64) = MLME
Levels (minimum value for logged events):
0 = verbose debugging
1 = debugging
2 = informational messages
3 = notification
4 = warning
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
Interface for separate control program. If this is specified, hostapd
will create this directory and a UNIX domain socket for listening to requests
from external programs (CLI/GUI, etc.) for status information and
configuration. The socket file will be named based on the interface name, so
multiple hostapd processes/interfaces can be run at the same time if more
than one interface is used.
/var/run/hostapd is the recommended directory for sockets and by default,
hostapd_cli will use it when trying to connect with hostapd.
ctrl_interface=/var/run/hostapd
Access control for the control interface can be configured by setting the
directory to allow only members of a group to use sockets. This way, it is
possible to run hostapd as root (since it needs to change network
configuration and open raw sockets) and still allow GUI/CLI components to be
run as non-root users. However, since the control interface can be used to
change the network configuration, this access needs to be protected in many
cases. By default, hostapd is configured to use gid 0 (root). If you
want to allow non-root users to use the contron interface, add a new group
and change this value to match with that group. Add users that should have
control interface access to this group.
This variable can be a group name or gid.
#ctrl_interface_group=wheel
ctrl_interface_group=0
IEEE 802.11 related configuration
SSID to be used in IEEE 802.11 management frames
ssid=test
Alternative formats for configuring SSID
(double quoted string, hexdump, printf-escaped string)
#ssid2=“test”
#ssid2=74657374
#ssid2=P"hello\nthere"
UTF-8 SSID: Whether the SSID is to be interpreted using UTF-8 encoding
#utf8_ssid=1
Country code (ISO/IEC 3166-1). Used to set regulatory domain.
Set as needed to indicate country in which device is operating.
This can limit available channels and transmit power.
These two octets are used as the first two octets of the Country String
(dot11CountryString)
#country_code=US
The third octet of the Country String (dot11CountryString)
This parameter is used to set the third octet of the country string.
All environments of the current frequency band and country (default)
#country3=0x20
Outdoor environment only
#country3=0x4f
Indoor environment only
#country3=0x49
Noncountry entity (country_code=XX)
#country3=0x58
IEEE 802.11 standard Annex E table indication: 0x01 … 0x1f
Annex E, Table E-4 (Global operating classes)
#country3=0x04
Enable IEEE 802.11d. This advertises the country_code and the set of allowed
channels and transmit power levels based on the regulatory limits. The
country_code setting must be configured with the correct country for
IEEE 802.11d functions.
(default: 0 = disabled)
#ieee80211d=1
Enable IEEE 802.11h. This enables radar detection and DFS support if
available. DFS support is required on outdoor 5 GHz channels in most countries
of the world. This can be used only with ieee80211d=1.
(default: 0 = disabled)
#ieee80211h=1
Add Power Constraint element to Beacon and Probe Response frames
This config option adds Power Constraint element when applicable and Country
element is added. Power Constraint element is required by Transmit Power
Control. This can be used only with ieee80211d=1.
Valid values are 0…255.
#local_pwr_constraint=3
Set Spectrum Management subfield in the Capability Information field.
This config option forces the Spectrum Management bit to be set. When this
option is not set, the value of the Spectrum Management bit depends on whether
DFS or TPC is required by regulatory authorities. This can be used only with
ieee80211d=1 and local_pwr_constraint configured.
#spectrum_mgmt_required=1
Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz),
g = IEEE 802.11g (2.4 GHz), ad = IEEE 802.11ad (60 GHz); a/g options are used
with IEEE 802.11n (HT), too, to specify band). For IEEE 802.11ac (VHT), this
needs to be set to hw_mode=a. When using ACS (see channel parameter), a
special value “any” can be used to indicate that any support band can be used.
This special case is currently supported only with drivers with which
offloaded ACS is used.
Default: IEEE 802.11b
hw_mode=g
Channel number (IEEE 802.11)
(default: 0, i.e., not set)
Please note that some drivers do not use this value from hostapd and the
channel will need to be configured separately with iwconfig.
If CONFIG_ACS build option is enabled, the channel can be selected
automatically at run time by setting channel=acs_survey or channel=0, both of
which will enable the ACS survey based algorithm.
channel=1
ACS tuning - Automatic Channel Selection
You can customize the ACS survey algorithm with following variables:
acs_num_scans requirement is 1…100 - number of scans to be performed that
are used to trigger survey data gathering of an underlying device driver.
Scans are passive and typically take a little over 100ms (depending on the
driver) on each available channel for given hw_mode. Increasing this value
means sacrificing startup time and gathering more data wrt channel
interference that may help choosing a better channel. This can also help fine
tune the ACS scan time in case a driver has different scan dwell times.
acs_chan_bias is a space-separated list of : pairs. It can be
used to increase (or decrease) the likelihood of a specific channel to be
selected by the ACS algorithm. The total interference factor for each channel
gets multiplied by the specified bias value before finding the channel with
the lowest value. In other words, values between 0.0 and 1.0 can be used to
make a channel more likely to be picked while values larger than 1.0 make the
specified channel less likely to be picked. This can be used, e.g., to prefer
the commonly used 2.4 GHz band channels 1, 6, and 11 (which is the default
behavior on 2.4 GHz band if no acs_chan_bias parameter is specified).
Defaults:
#acs_num_scans=5
#acs_chan_bias=1:0.8 6:0.8 11:0.8
Channel list restriction. This option allows hostapd to select one of the
provided channels when a channel should be automatically selected.
Channel list can be provided as range using hyphen (‘-’) or individual
channels can be specified by space (’ ') separated values
Default: all channels allowed in selected hw_mode
#chanlist=100 104 108 112 116
#chanlist=1 6 11-13
Exclude DFS channels from ACS
This option can be used to exclude all DFS channels from the ACS channel list
in cases where the driver supports DFS channels.
#acs_exclude_dfs=1
Beacon interval in kus (1.024 ms) (default: 100; range 15…65535)
beacon_int=100
DTIM (delivery traffic information message) period (range 1…255):
number of beacons between DTIMs (1 = every beacon includes DTIM element)
(default: 2)
dtim_period=2
Maximum number of stations allowed in station table. New stations will be
rejected after the station table is full. IEEE 802.11 has a limit of 2007
different association IDs, so this number should not be larger than that.
(default: 2007)
max_num_sta=255
RTS/CTS threshold; -1 = disabled (default); range -1…65535
If this field is not included in hostapd.conf, hostapd will not control
RTS threshold and ‘iwconfig wlan# rts ’ can be used to set it.
rts_threshold=-1
Fragmentation threshold; -1 = disabled (default); range -1, 256…2346
If this field is not included in hostapd.conf, hostapd will not control
fragmentation threshold and ‘iwconfig wlan# frag ’ can be used to set
it.
fragm_threshold=-1
Rate configuration
Default is to enable all rates supported by the hardware. This configuration
item allows this list be filtered so that only the listed rates will be left
in the list. If the list is empty, all rates are used. This list can have
entries that are not in the list of rates the hardware supports (such entries
are ignored). The entries in this list are in 100 kbps, i.e., 11 Mbps = 110.
If this item is present, at least one rate have to be matching with the rates
hardware supports.
default: use the most common supported rate setting for the selected
hw_mode (i.e., this line can be removed from configuration file in most
cases)
#supported_rates=10 20 55 110 60 90 120 180 240 360 480 540
Basic rate set configuration
List of rates (in 100 kbps) that are included in the basic rate set.
If this item is not included, usually reasonable default set is used.
#basic_rates=10 20
#basic_rates=10 20 55 110
#basic_rates=60 120 240
Beacon frame TX rate configuration
This sets the TX rate that is used to transmit Beacon frames. If this item is
not included, the driver default rate (likely lowest rate) is used.
Legacy (CCK/OFDM rates):
beacon_rate=<legacy rate in 100 kbps>
HT:
beacon_rate=ht:
VHT:
beacon_rate=vht:
For example, beacon_rate=10 for 1 Mbps or beacon_rate=60 for 6 Mbps (OFDM).
#beacon_rate=10
Short Preamble
This parameter can be used to enable optional use of short preamble for
frames sent at 2 Mbps, 5.5 Mbps, and 11 Mbps to improve network performance.
This applies only to IEEE 802.11b-compatible networks and this should only be
enabled if the local hardware supports use of short preamble. If any of the
associated STAs do not support short preamble, use of short preamble will be
disabled (and enabled when such STAs disassociate) dynamically.
0 = do not allow use of short preamble (default)
1 = allow use of short preamble
#preamble=1
Station MAC address -based authentication
Please note that this kind of access control requires a driver that uses
hostapd to take care of management frame processing and as such, this can be
used with driver=hostap or driver=nl80211, but not with driver=atheros.
0 = accept unless in deny list
1 = deny unless in accept list
2 = use external RADIUS server (accept/deny lists are searched first)
macaddr_acl=0
Accept/deny lists are read from separate files (containing list of
MAC addresses, one per line). Use absolute path name to make sure that the
files can be read on SIGHUP configuration reloads.
#accept_mac_file=/etc/hostapd.accept
#deny_mac_file=/etc/hostapd.deny
IEEE 802.11 specifies two authentication algorithms. hostapd can be
configured to allow both of these or only one. Open system authentication
should be used with IEEE 802.1X.
Bit fields of allowed authentication algorithms:
bit 0 = Open System Authentication
bit 1 = Shared Key Authentication (requires WEP)
auth_algs=3
Send empty SSID in beacons and ignore probe request frames that do not
specify full SSID, i.e., require stations to know SSID.
default: disabled (0)
1 = send empty (length=0) SSID in beacon and ignore probe request for
broadcast SSID
2 = clear SSID (ASCII 0), but keep the original length (this may be required
with some clients that do not support empty SSID) and ignore probe
requests for broadcast SSID
ignore_broadcast_ssid=0
Do not reply to broadcast Probe Request frames from unassociated STA if there
is no room for additional stations (max_num_sta). This can be used to
discourage a STA from trying to associate with this AP if the association
would be rejected due to maximum STA limit.
Default: 0 (disabled)
#no_probe_resp_if_max_sta=0
Additional vendor specific elements for Beacon and Probe Response frames
This parameter can be used to add additional vendor specific element(s) into
the end of the Beacon and Probe Response frames. The format for these
element(s) is a hexdump of the raw information elements (id+len+payload for
one or more elements)
#vendor_elements=dd0411223301
Additional vendor specific elements for (Re)Association Response frames
This parameter can be used to add additional vendor specific element(s) into
the end of the (Re)Association Response frames. The format for these
element(s) is a hexdump of the raw information elements (id+len+payload for
one or more elements)
#assocresp_elements=dd0411223301
TX queue parameters (EDCF / bursting)
tx_queue__
queues: data0, data1, data2, data3
(data0 is the highest priority queue)
parameters:
aifs: AIFS (default 2)
cwmin: cwMin (1, 3, 7, 15, 31, 63, 127, 255, 511, 1023, 2047, 4095, 8191,
16383, 32767)
cwmax: cwMax (same values as cwMin, cwMax >= cwMin)
burst: maximum length (in milliseconds with precision of up to 0.1 ms) for
bursting
Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e):
These parameters are used by the access point when transmitting frames
to the clients.
Low priority / AC_BK = background
#tx_queue_data3_aifs=7
#tx_queue_data3_cwmin=15
#tx_queue_data3_cwmax=1023
#tx_queue_data3_burst=0
Note: for IEEE 802.11b mode: cWmin=31 cWmax=1023 burst=0
Normal priority / AC_BE = best effort
#tx_queue_data2_aifs=3
#tx_queue_data2_cwmin=15
#tx_queue_data2_cwmax=63
#tx_queue_data2_burst=0
Note: for IEEE 802.11b mode: cWmin=31 cWmax=127 burst=0
High priority / AC_VI = video
#tx_queue_data1_aifs=1
#tx_queue_data1_cwmin=7
#tx_queue_data1_cwmax=15
#tx_queue_data1_burst=3.0
Note: for IEEE 802.11b mode: cWmin=15 cWmax=31 burst=6.0
Highest priority / AC_VO = voice
#tx_queue_data0_aifs=1
#tx_queue_data0_cwmin=3
#tx_queue_data0_cwmax=7
#tx_queue_data0_burst=1.5
Note: for IEEE 802.11b mode: cWmin=7 cWmax=15 burst=3.3
802.1D Tag (= UP) to AC mappings
WMM specifies following mapping of data frames to different ACs. This mapping
can be configured using Linux QoS/tc and sch_pktpri.o module.
802.1D Tag 802.1D Designation Access Category WMM Designation
1 BK AC_BK Background
2 - AC_BK Background
0 BE AC_BE Best Effort
3 EE AC_BE Best Effort
4 CL AC_VI Video
5 VI AC_VI Video
6 VO AC_VO Voice
7 NC AC_VO Voice
Data frames with no priority information: AC_BE
Management frames: AC_VO
PS-Poll frames: AC_BE
Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e):
for 802.11a or 802.11g networks
These parameters are sent to WMM clients when they associate.
The parameters will be used by WMM clients for frames transmitted to the
access point.
note - txop_limit is in units of 32microseconds
note - acm is admission control mandatory flag. 0 = admission control not
required, 1 = mandatory
note - Here cwMin and cmMax are in exponent form. The actual cw value used
will be (2^n)-1 where n is the value given here. The allowed range for these
wmm_ac_??_{cwmin,cwmax} is 0…15 with cwmax >= cwmin.
wmm_enabled=1
WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD]
Enable this flag if U-APSD supported outside hostapd (eg., Firmware/driver)
#uapsd_advertisement_enabled=1
Low priority / AC_BK = background
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
Note: for IEEE 802.11b mode: cWmin=5 cWmax=10
Normal priority / AC_BE = best effort
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
Note: for IEEE 802.11b mode: cWmin=5 cWmax=7
High priority / AC_VI = video
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
Note: for IEEE 802.11b mode: cWmin=4 cWmax=5 txop_limit=188
Highest priority / AC_VO = voice
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
Note: for IEEE 802.11b mode: cWmin=3 cWmax=4 burst=102
Enable Multi-AP functionality
0 = disabled (default)
1 = AP support backhaul BSS
2 = AP support fronthaul BSS
3 = AP supports both backhaul BSS and fronthaul BSS
#multi_ap=0
Static WEP key configuration
The key number to use when transmitting.
It must be between 0 and 3, and the corresponding key must be set.
default: not set
#wep_default_key=0
The WEP keys to use.
A key may be a quoted string or unquoted hexadecimal digits.
The key length should be 5, 13, or 16 characters, or 10, 26, or 32
digits, depending on whether 40-bit (64-bit), 104-bit (128-bit), or
128-bit (152-bit) WEP is used.
Only the default key must be supplied; the others are optional.
default: not set
#wep_key0=123456789a
#wep_key1=“vwxyz”
#wep_key2=0102030405060708090a0b0c0d
#wep_key3=“.2.4.6.8.0.23”
Station inactivity limit
If a station does not send anything in ap_max_inactivity seconds, an
empty data frame is sent to it in order to verify whether it is
still in range. If this frame is not ACKed, the station will be
disassociated and then deauthenticated. This feature is used to
clear station table of old entries when the STAs move out of the
range.
The station can associate again with the AP if it is still in range;
this inactivity poll is just used as a nicer way of verifying
inactivity; i.e., client will not report broken connection because
disassociation frame is not sent immediately without first polling
the STA with a data frame.
default: 300 (i.e., 5 minutes)
#ap_max_inactivity=300
The inactivity polling can be disabled to disconnect stations based on
inactivity timeout so that idle stations are more likely to be disconnected
even if they are still in range of the AP. This can be done by setting
skip_inactivity_poll to 1 (default 0).
#skip_inactivity_poll=0
Disassociate stations based on excessive transmission failures or other
indications of connection loss. This depends on the driver capabilities and
may not be available with all drivers.
#disassoc_low_ack=1
Maximum allowed Listen Interval (how many Beacon periods STAs are allowed to
remain asleep). Default: 65535 (no limit apart from field size)
#max_listen_interval=100
WDS (4-address frame) mode with per-station virtual interfaces
(only supported with driver=nl80211)
This mode allows associated stations to use 4-address frames to allow layer 2
bridging to be used.
#wds_sta=1
If bridge parameter is set, the WDS STA interface will be added to the same
bridge by default. This can be overridden with the wds_bridge parameter to
use a separate bridge.
#wds_bridge=wds-br0
Start the AP with beaconing disabled by default.
#start_disabled=0
Client isolation can be used to prevent low-level bridging of frames between
associated stations in the BSS. By default, this bridging is allowed.
#ap_isolate=1
BSS Load update period (in BUs)
This field is used to enable and configure adding a BSS Load element into
Beacon and Probe Response frames.
#bss_load_update_period=50
Channel utilization averaging period (in BUs)
This field is used to enable and configure channel utilization average
calculation with bss_load_update_period. This should be in multiples of
bss_load_update_period for more accurate calculation.
#chan_util_avg_period=600
Fixed BSS Load value for testing purposes
This field can be used to configure hostapd to add a fixed BSS Load element
into Beacon and Probe Response frames for testing purposes. The format is
::
#bss_load_test=12:80:20000
Multicast to unicast conversion
Request that the AP will do multicast-to-unicast conversion for ARP, IPv4, and
IPv6 frames (possibly within 802.1Q). If enabled, such frames are to be sent
to each station separately, with the DA replaced by their own MAC address
rather than the group address.
Note that this may break certain expectations of the receiver, such as the
ability to drop unicast IP packets received within multicast L2 frames, or the
ability to not send ICMP destination unreachable messages for packets received
in L2 multicast (which is required, but the receiver can’t tell the difference
if this new option is enabled).
This also doesn’t implement the 802.11 DMS (directed multicast service).
#multicast_to_unicast=0
Send broadcast Deauthentication frame on AP start/stop
Default: 1 (enabled)
#broadcast_deauth=1
IEEE 802.11n related configuration
ieee80211n: Whether IEEE 802.11n (HT) is enabled
0 = disabled (default)
1 = enabled
Note: You will also need to enable WMM for full HT functionality.
Note: hw_mode=g (2.4 GHz) and hw_mode=a (5 GHz) is used to specify the band.
#ieee80211n=1
ht_capab: HT capabilities (list of flags)
LDPC coding capability: [LDPC] = supported
Supported channel width set: [HT40-] = both 20 MHz and 40 MHz with secondary
channel below the primary channel; [HT40+] = both 20 MHz and 40 MHz
with secondary channel above the primary channel
(20 MHz only if neither is set)
Note: There are limits on which channels can be used with HT40- and
HT40+. Following table shows the channels that may be available for
HT40- and HT40+ use per IEEE 802.11n Annex J:
freq HT40- HT40+
2.4 GHz 5-13 1-7 (1-9 in Europe/Japan)
5 GHz 40,48,56,64 36,44,52,60
(depending on the location, not all of these channels may be available
for use)
Please note that 40 MHz channels may switch their primary and secondary
channels if needed or creation of 40 MHz channel maybe rejected based
on overlapping BSSes. These changes are done automatically when hostapd
is setting up the 40 MHz channel.
Spatial Multiplexing (SM) Power Save: [SMPS-STATIC] or [SMPS-DYNAMIC]
(SMPS disabled if neither is set)
HT-greenfield: [GF] (disabled if not set)
Short GI for 20 MHz: [SHORT-GI-20] (disabled if not set)
Short GI for 40 MHz: [SHORT-GI-40] (disabled if not set)
Tx STBC: [TX-STBC] (disabled if not set)
Rx STBC: [RX-STBC1] (one spatial stream), [RX-STBC12] (one or two spatial
streams), or [RX-STBC123] (one, two, or three spatial streams); Rx STBC
disabled if none of these set
HT-delayed Block Ack: [DELAYED-BA] (disabled if not set)
Maximum A-MSDU length: [MAX-AMSDU-7935] for 7935 octets (3839 octets if not
set)
DSSS/CCK Mode in 40 MHz: [DSSS_CCK-40] = allowed (not allowed if not set)
40 MHz intolerant [40-INTOLERANT] (not advertised if not set)
L-SIG TXOP protection support: [LSIG-TXOP-PROT] (disabled if not set)
#ht_capab=[HT40-][SHORT-GI-20][SHORT-GI-40]
Require stations to support HT PHY (reject association if they do not)
#require_ht=1
If set non-zero, require stations to perform scans of overlapping
channels to test for stations which would be affected by 40 MHz traffic.
This parameter sets the interval in seconds between these scans. Setting this
to non-zero allows 2.4 GHz band AP to move dynamically to a 40 MHz channel if
no co-existence issues with neighboring devices are found.
#obss_interval=0
eapol_key_index_workaround=0
authentication server.
eap_server=0
If you could help me set up a hostapd by considering the India location, that would be greatly appreciated.
Regards
Manoj