hostapd package
Information on this package is covered here.
|
Package
|
Description
|
License
|
|
hostapd
|
|
|
Summary
The Host Access Point daemon (hostapd) manages user-space 802.11 functions such as authentication, encryption, initializing network interface, beacon intervals, extended authorization protocol (EAP) keys, etc. These are mainly the non-time critical functions required of a wireless Access Point. It also provides an interface into the DataPath driver for the management, transmission, and reception of wireless data packets.
Usage
Starting/Stopping the hostapd Service
Keep in mind that hostapd will not start at all unless the ACCESS_POINT variable in /etc/default/wireless is set to "yes". The access point profile package (ds-wireless-ap) provides a version of this file with access point behavior enabled. (See the Developer Guide topic on Creating Root File System Images for Reference Designs for information on building a reference AP using this profile package.)
Use the following commmands to control the hostapd service on the target device.
|
Action
|
Command
|
|
Start
|
/etc/init.d/hostapd start
|
|
Stop
|
/etc/init.d/hostapd stop
|
|
Restart
|
/etc/init.d/hostapd restart
|
|
Reload
|
Reload the configuration file(s).
|
Configuration parameters should be set in the /etc/default/hostapd file. Available parameters are:
|
Parameter
|
Description
|
|
CONFIG_FILES
|
Specify the configuration file(s) that should be passed to the hostapd daemon when it is started. Multiple files can be specified using a quoted, space separated list.
|
|
DEBUG_LEVEL
|
Set level of debug output.(See Debugging for details.)
|
Runtime Configuration (hostapd.conf)
Configuration of the Access Point is handled by the APconfd daemon. hostapd maintains an internal configuration file based on these settings. It passes control information and management frames to the DataPath driver.
The Host Access Point Daemon (hostapd) uses configuration files to set up values for all 802.11 related options. These files configure both the hostapd process and the kernel drivers for the related wireless LAN (WLAN) devices.
|
Notes
|
- The interfaces described in this section, including all API's, file structures, data structures and scripting techniques (the interfaces), are subject to change in future versions of the Devicescape™ Universal Wireless Platform. Should Devicescape change any of these interfaces, Devicescape does not guarantee nor warranty forward and/or backward compatibility between the new interfaces and those described herein.
|
Each WLAN interface/radio has its own configuration file. A single hostapd process can be used to control more than one radio. During start-up, all configuration files must be listed on the command line. For example, following command line could be used to start hostapd as a daemon that forks to background (-B) and controls two WLAN devices (wlan0 and wlan1):
./hostapd -B /etc/hostapd.conf-wlan0 /etc/hostapd.conf-wlan1
The default configuration file is hostapd.conf. It is a text file. Empty lines are ignored. All lines starting with "#" are also ignored-use them to comment the file. An example configuration file is provided which includes comments about the available configuration items.
Most items have a sensible default values, but the interface, SSID, hardware mode, and channel and channel policy items at least should be explicitly configured as "basic settings". The basic settings are described first, followed by sections on how to configure the rest of the available options.
Note that "hostapd.conf" file is meant to serve as an example configuration file for the hostapd package. In practice, you might rename this file. When you create the root file system for an access point per the AP reference design (see Devicescape Developer Guide), example files are generated for /etc/hostapd (with a symbolic link to /config/etc/hostapd) directory. You can use these as reference configuration files. In most cases, the <hostapd>.conf file must be edited before bringing up the access point and you must specify which .conf file should be loaded when hostapd starts. That is, hostapd looks at this particular configuration file so that it knows which "<hostapd>.conf" to use.
# cat /etc/default/hostapd
# Settings for the hostapd init script
# Specify all the config files, one per radio that
# will be running in access point mode
CONFIG_FILES="/etc/hostapd/atheros_a.conf"
# Set the level of debug output desired
DEBUG_LEVEL=1
For multi-radio support, you can have two or more .conf files, separated by a space:
CONFIG_FILES="/etc/hostapd/atheros_a.conf /etc/hostapd/broadcom_g.conf"
Modifying a Running Configuration
A running configuration can be changed by modifying the configuration files and signaling the hostapd process with a SIGHUP signal hangup. This will cause the daemon to reload the configuration files and enable the new settings-assuming there are no syntax errors in the configuration files.
|
Note
|
A better option than using SIGHUP is to use the API call RELOAD because it provides feedback to the caller about the completion of the reconfiguration. SIGHUP does not provide this feedback, and can easily cause race conditions with the AP configuration system in some cases (for example, when a SIGHUP command is followed by an interface configuration for a new WDS link).
|
Quick Reference to Configuration Options in hostapd.conf
Following is a summary of all configuration options in the hostapd.conf file for quick reference. (Note that some options may not be supported in all drivers. See driver-specific packages for options that require configuration external to hostapd.)
|
Option
|
Examples and Notes
|
Where to Get More Info
|
|
accept_mac_file
|
For MAC Filtering, define path to MAC accept file: accept_mac_file=/etc/hostapd.accept
|
|
|
adm_status
|
Turns radio interface on and off.
adm_status=up
|
|
|
acct_server_addr
acct_server_port
acct_server_shared_secret
|
Define the RADIUS accounting server address, port (normally 1813), and shared secret. acct_server_addr=127.0.0.1
acct_server_port=1813
acct_server_shared_secret=secret
|
|
|
aifs
|
|
|
|
allow_non_wpa
|
In WPA security mode, allow non-WPA stations:
allow_non_wpa=1
Setting allow_non_wpa=0 means do not allow non-WPA stations to use this Access Point.
|
|
|
antenna_mode
antenna_sel
|
Set antenna mode to static (and set requisite default antenna):
antenna_mode=static
antenna_sel=1
Automatically select the best antenna to receive/transmit and switch in case of transmit failure (this is the default):
antenna_mode=omni_ap
|
|
|
ap_max_inactivity
|
Set station inactivity limit:
ap_max_inactivity=300
The setting shown is the default: 300 seconds (which is 5 minutes)
|
|
|
ap_table_max_size
ap_table_expiration_time
|
These are options related to passive scanning.
|
|
|
assoc_min_rate
|
Set a minimum rate (in 100 kbps) needed for association:
assoc_min_rate=120
(If the minimum rate is set to 12 Mbps for a 802.11g Access Point, all 802.11b stations will be rejected.)
|
|
|
atheros_super_ag
|
Enable all Super AG features:
atheros_super_ag=7
(As a prerequisite, to using Atheros Super AG, hw_mode must be set to "g": hw_mode=g)
|
|
|
auth_algs
|
Sets the authenticaton algorithm for both Open and Shared Key authentication:
auth_algs=3
(This is a WEP security setting.)
|
|
|
auth_server_addr
auth_server_port
auth_server_shared_secret
|
Configure information about the RADIUS server: auth_server_addr=127.0.0.1
auth_server_port=1813
auth_server_shared_secret=secret
|
|
|
basic_rates
|
Set basic and supported rates for a mix of 802.11g and 802.11b stations: supported_rates=10 20 55 110 60 90 120 180 240 360 480 540
basic_rates=10 20 55 110
|
|
|
beacon_int
|
Send a Beacon frame every 100 milliseconds (10 per second): beacon_int=100
|
|
|
bridge_packets
|
Disable the internal bridge thereby enabling "station isolation":
bridge_packets=0
Enable the internal bridge thereby disabling "station isolation" (this is the default):
bridge_packets=1
|
|
|
bss
|
hostapd enables multiple BSSIDs by the addition of a bss configuration item. The bss item requires a default interface name to be allocated for the data packets of the new BSS: bss=wlan0_0
|
|
|
burst
|
|
|
|
channel policy
channel
|
Disable channel management (default) and set channel:
channel_policy=0
channel=60
Automatically select best channel and allow it to change:
channel_policy=3
|
|
|
country_code
|
country_code=US
|
|
|
cts_protection_type
|
Set CTS protection for a mix of 802.11g and 802.11b stations: cts_protection_type=0
(This is the default.)
|
|
|
cwmin
|
|
|
|
cwmax
|
|
|
|
deny_mac_file
|
For MAC Filtering, define path to MAC deny file: deny_mac_file=/etc/hostapd.deny
|
|
|
dtim_period
|
Include DTIM message in every other Beacon: dtim_period=2
|
|
|
eapol_key_index_workaround
|
Microsoft Windows XP supplicant workaround when broadcast keys only are used:
eapol_key_index_workaround=0
This is not needed if individual unicast keys are used (when wep_key_len_unicast is set to 5, 13, or 16):
|
|
|
eapol_reauth_period
|
An example of the default setting for how often IEEE 802.1X reauthentication is required (once an hour):
eapol_reauth_period=3600
Setting eapol_reauth_period=0 disables reauthentication for IEEE 802.1X security.
|
|
|
force_unicast_rate
|
Set transmission rate (in 100 kbps) for all unicast frames:
force_unicast_rate=240
(Stations that do not support this rate cannot associate.)
|
|
|
fragm_threshold
|
Disable fragmentation threshold:
fragm_threshold=2346
(The range is 0 to 2346 where 2346 is "disabled")
|
|
|
framed_mtu
|
Define value for Framed-MTU attribute in RADIUS messages: framed_mtu=1400
Limits size EAP messages (by fragmenting them) to fit MTU of the wireless interface
|
|
|
hwmode
|
hw_mode=g
|
|
|
iapp_interface
|
Prerequisite setting for layer2_update.
|
|
|
ieee80211d
|
Enable sending country code in Beacons: ieee80211d=1
|
|
|
ieee8021x
|
Enable IEEE 802.1x security:
ieee8021x=1
|
|
|
ignore_broadcast_ssid
|
Set Access Point to not send SSID in its Beacons. (Require client stations to know the SSID): ignore_broadcast_ssid=1
|
|
|
inactivity_policy
|
Example of default station inactivity policy configuration:
inactivity_policy=0
|
|
|
interface
|
interface=wlan0
|
|
|
layer2_update
|
hostapd provides support for Layer 2 Update frames to update bridge learn tables when a station associates.
See also iapp_interface which is prerequisite setting for layer2_update.
|
|
|
load_balance_threshold
load_balance_threshold_st
load_balance_assoc_limit
|
Load balancing is disabled by default (load_balance_threshold=0)
|
See Load Balancing for details on setting these options.
|
|
logger_syslog
logger_syslog_level
logger_stdout
logger_stdout_level
|
Include all modules and set minimum priority level to "2"; only information messages, notifications and warnings get logged.
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
|
|
|
key_tx_rx_threshold
|
For dynamically generated encryption keys (in IEEE 802.1X or WPA security), change a key after its been used a specified number of times:
key_tx_rx_threshold=1000000
To disable rekeying threshold:
key_tx_rx_threshold=0
|
|
|
macaddr_acl
|
For MAC Filtering, deny station unless it is listed in access control list (ACL): macaddr_acl=1
(If set to "0" stations are accepted unless in ACL; if set to "2" RADIUS server is consulted after local ACL is searched.)
|
|
|
max_num_sta
|
Restrict number of associations to this Access Point to 255: max_num_sta=255
|
|
|
max_ratectrl_rate
|
Set a maximum transmission rate:
max_ratectrl_rate=360
|
|
|
multi_ssid
|
Define multiple SSIDs: multi_ssid=GuestAccess
|
|
|
minimal_eap
|
Example of default setting for internal EAP authentication server, "0" is disabled: minimal_eap=0
To enable the internal authentication server:
minimal_eap=1.
|
|
|
own_ip_addr
|
RADIUS server setting to define IP Address of the access point running hostapd: own_ip_addr=127.0.0.1
|
|
|
passive_scan_mode
passive_scan_interval
passive_scan_listen
|
hostapd uses passive scanning to locate other Access Points. This feature is provided as part of rogue detection, but can also be used for WDS and clustering.
|
See Rogue Detection for details on these options.
|
|
preamble
|
Set short preamble (to improve efficiency of network throughput for 2, 5.5, 11 Mbps):
preamble=1
|
|
|
radius_failover_limit
|
When multiple RADIUS servers are configured, set number of attempts to retry failed transmissions before fail-over to second RADIUS server: radius_failover_limit=4
|
|
|
reg_domain_filename
|
reg_domain_filename=/etc/reg_domains.conf
|
|
|
rsn_preauth
rsn_preauth_interfaces
|
Enable IEEE 802.11i/RSN/WPA2 pre-authentication to speed up roaming:
rsn_preauth=1
By default, this option is disabled (rsn_preauth=0).
Define space separated list of interfaces from which pre-authentication frames are (for example, 'eth0' or 'eth0 wlan0wds0':
rsn_preauth_interfaces=eth0
|
|
|
rts_threshold
|
Disable RTS/ CTS threshold: rts_threshold=2347
(The range is 0 to 2347 where 2347 is "disabled".)
|
|
|
security_policy
|
Set the security mode for the secondary SSID in a multi-SSID configuration.
This requires additional configuration depending on which security policy you set.
|
|
|
ssid
|
ssid=test
|
|
|
supported_rates
|
Set basic and supported rates for a mix of 802.11g and 802.11b stations: supported_rates=10 20 55 110 60 90 120 180 240 360 480 540
basic_rates=10 20 55 110
|
|
|
tx_fail_percentage_limit
tx_fail_interval
|
Set maximum acceptable failure percentage of TX packets and deauthenticate stations that miss the cut-off:
tx_fail_percentage_limit=20
tx_fail_interval=10
(If either option is set to 0, this limitation on failure percentages is disabled; which is the default.)
|
|
|
tx_power_adjustment
|
Depracated. Use tx_power_reduction.
|
|
|
tx_power_reduction
|
Disable tx_power_reduction:
tx_power_reduction=0
(The default is disabled. When set to something other than 0, tx_power_reduction reduces the power output of a radio per the algorithm described in the Transmission Power.)
|
|
|
tx_queue_*
|
tx_queue_* options are QoS parameters for AP-to-station traffic.
|
|
|
vlan
|
Set VLANs, which are bou: vlan=wlan0_wep
|
|
|
wds
wds_ap
wds_assoc
wds_remote_addr
wds_security_policy
wds_wep_key
|
Configure WDS link between two APs: wds=wlan0wds0
wds_remote_addr=00:11:11:11:11:11
wds_ssid=wds-ssid
wds_security_policy=3
wds_wpa_psk_ascii=12345678
wds_ap=1
wds_assoc=1
wds=wlan0wds4
wds_remote_addr=00:44:44:44:44:44
wds_ssid=wds-ssid
wds_security_policy=1
wds_wep_key="abcde"
wds_ap=1
wds_assoc=1
wds=wlan0wds1
wds_remote_addr=00:22:22:22:22:22
wds_wep_key="abcde"
wds=wlan0wds2
wds_remote_addr=00:33:33:33:33:33
|
|
|
wep_keyNumber
wep_default_key
|
Set WEP keys in hexadecimal or ASCII (double-quoted) strings. Examples and notation:
wep_key0=1A2B3C4D5E (40-bit, hexadecimal)
wep_key1="vwxyz" (40-bit, ASCII)
wep_key2=0102030405060708090A0B0C0D (104-bit, hexadecimal)
wep_key3=".2.4.6.8.0.23" (104-bit, ASCII)
Set the active key:
wep_default_key=0
|
|
|
wep_key_len_broadcast
wep_key_len_unicast
|
For dynamic WEP keys, define length of generated keys in bytes (5 for 40-bit, 13 for 104-bit, or 16 for 128-bit WEP secret key): wep_key_len_broadcast=13 wep_key_len_unicast=13
(Above example sets dynamic WEP keys at 104-bit length.)
|
|
|
wep_rekey_period
|
Define WEP rekeying interval (in seconds) and send to stations using EAPOL-Key frames: wep_rekey_period=300
If this is set to 0, WEP keys are only generated once.
|
|
|
wme_ac_*
|
These are QoS parameters for clients.
|
|
|
wpa
|
Enable WPA security mode: wpa=1
|
|
|
wpa*
|
For details on wpa_use_psk, wpa_psk_hex, wpa_poll_interval, and other wpa* options, see Wi-Fi Protected Access.
|
|
Options that Must be Configured in the Broadcom Driver
For the Broadcom driver, the following options currently must be configured in that driver using the Broadcom wl tools:
For information on how to configure these features in the Broadcom driver, see hostapd.conf Options Requiring External Configuration with Broadcom wl in broadcom-wl-drv package and broadcom-wl package.
|
Notes
|
Also, please note:
- For a Broadcom bridge interface you must add the following line in the
hostapd.conf file:
bridge=<BridgeName> (for example, bridge=br0). Whereas in the Atheros driver, creating the bridge (in an interfaces file or via command ine) is enough.
- When using the Broadcom driver, you must add a the following line in the
hostapd.conf file:
driver=broadcom.
- Before starting hostapd, the Broadcom driver must be configured to access point mode with:
wl -i eth1 ap 1
|
Basic Settings
At a minimum, configure these optons explicitly:
Interface
Define the Linux network interface assigned for the WLAN device.
|
Note
|
When the access point is transmitting or receiving management frames, it uses the defined interface with an "ap" postfix, for example, wlan0ap.
|
interface=wlan0
(See also Options that Must be Configured in the Broadcom Driver for information about setting up a bridge interface when using the Brodcom driver.)
SSID
The SSID to be used in 802.11 management frames:
ssid=test
This is the default SSID for the Access Point.
Hardware Mode
Select an operation mode. The configuration items are:
An example of the hardware mode setting:
hw_mode=g
IEEE 802.11 ATHEROS SUPER AG Low-Level Hardware Setting
In order for the hardware mode "g" to leverage the full capacity of IEEE 802.11 Atheros Super AG, an additional setting must be specified on the driver.
The atheros_super_ag configuration item uses these bit fields:
|
Flag Bit
|
Decimal
Value
|
Description
|
|
Bit 0
|
1
|
Enable fast frame support
|
|
Bit 1
|
2
|
Enable compression
|
|
Bit 2
|
4
|
Enable TurboPrime
|
Atheros SuperA/G is disabled by default: atheros_super_ag=0)
As an example, to enable all Super AG features:
atheros_super_ag=7
Channel and Channel Policy
Either the channel is set explicitly (channel_policy=0) and channel is set to the specified channel number or automatic channel selection is configured. There are three options for automatic channel selection::
- Select the first available channel of the first available mode (
channel_policy=1). In this case, the channel item is ignored.
- Automatically select the best channel (
channel_policy=2). In this case, the channel item is ignored.
- Automatically select the best channel and allow channel to be changed (
channel_policy=3).
An example of the channel policy setting:
channel_policy=0
channel=60
Check Country Code and Regulatory Domain
By default, the country code and regulatory domain is set to operate on frequencies permitted in the United States. These settings should be modified as appropriate to operate on the frequency bands permitted in your country. See Country Code and Regulatory Domain.
Country Code and Regulatory Domain
File Name for Regulatory Domain Information
Different national and transnational authorities regulate different portions of the electromagnetic spectrum available for transmission. The 802.11 family of standards transmit and receive in unlicensed frequencies, using the 2.4 GHz band for 802.11b and 802.11g, and the 5 GHz band for 802.11a. There are differences in Channel range and Transmission Power levels for the different regulators. Regulators include the Federal Communications Commission (FCC), the European Telecommunications Standards Institute (ETSI), and the Telecom Engineering Center (MKK or TELEC).
An information file is provided that shows regulatory domain data; that is, the accepted frequencies associated with each country code. The reg_domain_filename configuration item is set to the default file name for regulatory domain data:
reg_domain_filename=/etc/reg_domains.conf
Country Code
The Country code (ISO/IEC 3166-1) is used to set the regulatory domain, which limits the available channels and transmit power to the values allowed by the specified regulator.
By default, the country code is set to "US", which sets it to transmit at radio frequencies permitted in the United States:
country_code=US
IEEE 80211d Setting for Sending Country Code and Accepted Frequencies in Beacon Frames
Enable IEEE 802.11d setting to transmit country code and accepted frequencies in beacon frames. (By default, this setting is disabled (ieee80211d=0).
ieee80211d=1
Event Logging
System Logs and Standard Output
hostapd supports event logging both to syslog and stdout, the latter usually used for debugging only. Events like IEEE 802.11 authentication, associations, and IEEE 802.1x authorization are sent to the event log.
Bit Fields and Selected Modules
The logger_syslog and logger_stdout items are bit fields used to select which modules are included in the event logging. -1 selects all modules. Currently used module bits:
|
Flag Bit
|
Decimal
Value
|
Description
|
|
Bit 0
|
1
|
IEEE 802.11 module
|
|
Bit 1
|
2
|
IEEE 802.1X module
|
|
Bit 2
|
4
|
WPA module
|
|
Bit 3
|
8
|
RADIUS module
|
|
Bit 4
|
16
|
MLME module
|
|
Bit 5
|
32
|
Driver Interface module
|
Setting Severity Level
The logger_syslog_level and logger_stdout_level set the minimum priority level to be logged. Specifying a level indicates to log events at the specified level or higher. The options are:
|
0
|
Verbose debugging
|
|
1
|
Debugging
|
|
2
|
Informational messages
|
|
3
|
Notification
|
|
4
|
Warning
|
Example Log Settings
This example configuration includes all modules and sets the minimum priority level to "2", which means only informational messages, notifications and warnings will be logged:
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
IEEE 802.11 Radio Settings
Administration Status
Turns radio interface on and off. Valid values are "up" and "down". If interface is down (off), no frames are transmitted or received. The default is "up".
adm_status=up
Beacon Interval
Beacon frames are transmitted by an access point at regular intervals to announce the existence of the wireless network.
Define the beacon interval in kµsec (1.024 ms). The default behavior is to send a beacon frame once every 100 milliseconds (or 10 per second):
beacon_int=100
Delivery Traffic Information Messages
The Delivery Traffic Information Map (DTIM ) message is an element included in some Beacon frames. It indicates which client stations, currently sleeping in low-power mode, have data buffered on the access point awaiting pick-up.
hostapd can vary the frequency of DTIM messages being inserted in its Beacon frames. The range is 1 to 255 where 1 indicates every Beacon includes a DTIM message:
dtim_period=2
Maximum Station Associations
The 802.11 standard specifies a limit of 2007 different association IDs. You can restrict the stations in your station table to fewer with this configuration item. Once max_num_sta have been added to the station table, new stations will be rejected.
max_num_sta=255
RTS/CTS Threshold
Set the Request-to-Send (RTS) / Clear-to-Send (CTS) threshold with the rts_threshold configuration item. The range is 0 to 2347 (disabled):
rts_threshold=2347
If the rts_threshold configuration item is not included in hostapd.conf, hostapd will not control the RTS threshold. You can use the command iwconfig wlan# rts val to set it.
Fragmentation Threshold
Set the Fragmentation threshold with the fragm_threshold configuration item. The range is 0 to 2346 (disabled):
fragm_threshold=2346
If the fragm_threshold configuration item is not included in hostapd.conf, hostapd will not control the fragmentation threshold. You can use the command iwconfig wlan# frag val to set it.
IEEE 802.11b Preamble
IEEE 802.11b supports a short or long preamble. The long preamble uses the legacy 802.11 1 and 2 Mbps DSSS header. The short preamble option was provided to improve the efficiency of a network's throughput. The preamble is used to allow stations to synchronize with the access point signal. The options are:
|
0
|
Use long preamble
|
|
1
|
Use short preamble for 2, 5.5, 11 Mbps
|
|
Note
|
This affects only 802.11b and 802.11g modes. If one or more associated stations do not support the short preamble, the access point will automatically use the long preamble regardless of this setting.
|
Example preamble setting:
preamble=1
Clear-to-Send Frames (cts_protection_type)
802.11g uses Clear-to-Send (CTS) frames to stop 802.11b stations from interfering with frames sent at higher rates. This is useful in mixed mode networks consisting of both 802.11b and 802.11g stations. This behavior is automatically disabled if there are no 802.11b stations associated with the access point.
Override this behavior with the cts_protection_type configuration item. Its options are:
|
0
|
Use CTS protection when there are both 802.11g and 802.11b stations associated with this access point or when or when Overlapping Legacy BSS Condition (OLBC) is detected.
This is the default.
|
|
1
|
Force CTS protection even if there are no 802.11b stations associated with this access point
|
|
2
|
Disable CTS protection even when there are 802.11b stations associated with this access point
|
|
3
|
Like 0 (auto detection), but do not use OLBC detection
|
.
|
Note
|
OLBC is required for Wi-Fi certification of IEEE 802.11g AP and thus, only the default setting (0) can pass the certification test.
OLBC refers to the case where one of the overlapping BSSes (that is, another AP on the same channel) is either itself IEEE 802.11b-only or has IEEE 802.11b-only stations. IEEE 802.11b stations that do not support the new IEEE 802.11g rates are considered "legacy".
|
Example of setting CTS protection for both 802.11g and 802.11b stations:
cts_protection_type=0
It can be useful to enable CTS protection for an 802.11g-only access point where there are 802.11b stations on the same channel using another access point. Alternatively, disabling this even when 802.11b stations are present can improve performance, if most of the traffic is between 802.11g devices.
Rate Configuration
The default is to enable all rates supported by the hardware. This configuration item allows the list to be filtered so that only the defined rates are left in the list. If the list is empty, all rates are used. The list can have entries that are not in the range of rates the hardware supports-such entries are ignored. The entries in this list are in 100 kbps, where 11 Mbps = 110.
If this item is present, at least one rate has to match the rates the hardware supports.
The basic rate set configuration is a list of rates (in 100 kbps) that are included in the basic rate set. If this item is not defined, a reasonable default set is used.
Example values:
supported_rates=60 90 120 180 240 360 480 540
basic_rates=60 120 240
802.11b:
supported_rates=10 20 55 110
basic_rates=10 20
802.11g only:
supported_rates=60 90 120 180 240 360 480 540
basic_rates=60 120 240
802.11g in mixed mode with 802.11b stations:
supported_rates=10 20 55 110 60 90 120 180 240 360 480 540
basic_rates=10 20 55 110
Forced Transmission Rate
This configuration item allows you to configure a transmission rate (in 100 kbps) that will be used for all unicast frames. Configuring this item will also prevent stations that do not support the forced rate from associating with the Access Point:
force_unicast_rate=240
The rate must be one of the supported rates (supported_rates) defined in Rate Configuration above.
Note that the force_unicast_rate is only used for rate selection of TX frames; that is, STAs (stations) can still send frames at other supported rates and the AP will accept them.
Maximum Transmission Rate
This configuration item allows you to set a maximum limit on the transmission rate for the rate control algorithm in use. By default, this option is disabled (0) which allows any supported rate to be used.
If set, this option overrides rates in the supported rate set that are above the specified maximum transmission rate.
Example of setting a maximum transmission rate:
max_ratectrl_rate=360
Minimum Association Rate
This configuration item allows you to set a minimum rate (in 100 kbps) required for association. If a client station does not support any rates equal to or greater than this rate, association will be rejected. If the minimum rate is set to 12 Mbps for a 802.11g Access Point, all 802.11b stations will be rejected.
assoc_min_rate=120
Maximum Failure Percentage for Transmissions
This configuration item allows you to set the maximum acceptable failure percentage for transmitted packets (percentage of packets that failed even after all retry attempts). This can be used, for example, with Forced Transmission Rate to remove STAs that are not close enough to use the configured rate.
If the failure percentage is larger than tx_fail_percentage_limit, STA will be deauthenticated. This verification is done every tx_fail_interval seconds.
If either of these options is set to 0 (or not set in hostapd.conf), transmission failure limitation is disabled (this is the default).
Example of setting a maximum failure percentage of TX packets:
tx_fail_percentage_limit=20
