hostapd package
Information on this package is covered here.
| Package | Description | License |
| --- | --- | --- |
| hostapd | Access Point daemon. | Devicescape Software, Inc. Jouni Malinen |
Summary
The Host Access Point daemon (hostapd) manages user-space 802.11 functions such as authentication, encryption, initializing the network interface, beacon intervals, Extensible Authentication Protocol (EAP) keys, etc. These are mainly the non-time-critical functions required of a wireless Access Point. It also provides an interface into the DataPath driver for the management, transmission, and reception of wireless data packets.
Usage
Starting/Stopping the hostapd Service
Use the command line interface (CLI) to get status and stop/start hostapd service as follows.
| Command | Description |
| --- | --- |
| get dot11 status | Returns status of the hostapd service (up is on, down is off). |
| set dot11 status down | Stops the hostapd service. |
| set dot11 status up | Starts the hostapd service. |
Runtime Configuration (hostapd.conf)
Configuration of the Access Point is handled by the device management agent. hostapd maintains an internal configuration file based on these settings. It passes control information and management frames to the DataPath driver.
The Host Access Point Daemon (hostapd) uses configuration files to set up values for all 802.11 related options. These files configure both the hostapd process and the kernel drivers for the related wireless LAN (WLAN) devices.
Notes
- The interfaces described in this section, including all APIs, file structures, data structures and scripting techniques (the interfaces), are subject to change in future versions of the Devicescape Wireless Infrastructure Platform. Should Devicescape change any of these interfaces, Devicescape does not guarantee or warrant forward and/or backward compatibility between the new interfaces and those described herein.
- Some options may not be supported in all drivers.
Each WLAN interface/radio has its own configuration file. A single hostapd process can be used to control more than one radio. During start-up, all configuration files must be listed on the command line. For example, the following command line could be used to start hostapd as a daemon that forks to the background (-B) and controls two WLAN devices (wlan0 and wlan1):
./hostapd -B /etc/hostapd.conf-wlan0 /etc/hostapd.conf-wlan1
The default configuration file is hostapd.conf. It is a text file. Empty lines are ignored. All lines starting with "#" are also ignored; use them to comment the file. An example configuration file is provided which includes comments about the available configuration items.
Most items have sensible default values, but at least the interface, SSID, hardware mode, and channel and channel policy items should be explicitly configured as "basic settings". The basic settings are described first, followed by sections on how to configure the rest of the available options.
Note that the "hostapd.conf" file is meant to serve as an example configuration file for the hostapd package. In practice, you might rename this file. When you create the root file system for an access point per the AP reference design (see Devicescape Developer Guide), example files are generated for the /etc/hostapd directory (with a symbolic link to /config/etc/hostapd). You can use these as reference configuration files. In most cases, the <hostapd>.conf file must be edited before bringing up the access point, and you must specify which .conf file should be loaded when hostapd starts. That is, hostapd looks at the following configuration file so that it knows which "<hostapd>.conf" to use:
# cat /etc/default/hostapd
# Settings for the hostapd init script
# Specify all the config files, one per radio that
# will be running in access point mode
CONFIG_FILES="/etc/hostapd/atheros_a.conf"
# Set the level of debug output desired
For multi-radio support, you can have two or more .conf files, separated by a space:
CONFIG_FILES="/etc/hostapd/atheros_a.conf /etc/hostapd/broadcom_g.conf"
Modifying a Running Configuration
A running configuration can be changed by modifying the configuration files and sending the hostapd process a SIGHUP (hangup) signal. This causes the daemon to reload the configuration files and enable the new settings, assuming there are no syntax errors in the configuration files.
Note: A better option than using SIGHUP is to use the API call RELOAD because it provides feedback to the caller about the completion of the reconfiguration. SIGHUP does not provide this feedback, and can easily cause race conditions with the AP configuration system in some cases (for example, when a SIGHUP command is followed by an interface configuration for a new WDS link).
Quick Reference to Configuration Options in hostapd.conf
Following is a summary of all configuration options in the hostapd.conf file for quick reference. (Note that some options may not be supported in all drivers. See driver-specific packages for options that require configuration external to hostapd.)
|
Option
|
Examples and Notes
|
Where to Get More Info
|
|
accept_mac_file
|
For MAC Filtering, define path to MAC accept file: accept_mac_file=/etc/hostapd.accept
|
|
|
adm_status
|
Turns radio interface on and off.
adm_status=up
|
|
|
acct_server_addr acct_server_port acct_server_shared_secret
|
Define the RADIUS accounting server address, port (normally 1813), and shared secret.
acct_server_addr=127.0.0.1
acct_server_port=1813
acct_server_shared_secret=secret
|
|
|
aifs
|
This is a QoS parameter.
|
|
|
allow_non_wpa
|
In WPA security mode, allow non-WPA stations:
allow_non_wpa=1
Setting allow_non_wpa=0 means do not allow non-WPA stations to use this Access Point.
|
|
|
antenna_mode antenna_sel
|
Set antenna mode to static (and set requisite default antenna):
antenna_mode=static
antenna_sel=1
Automatically select the best antenna to receive/transmit and switch in case of transmit failure (this is the default):
antenna_mode=omni_ap
|
|
|
ap_max_inactivity
|
Set station inactivity limit:
ap_max_inactivity=300
The setting shown is the default: 300 seconds (which is 5 minutes)
|
|
|
ap_table_max_size ap_table_expiration_time
|
These are options related to passive scanning.
|
|
|
assoc_min_rate
|
Set a minimum rate (in 100 kbps) needed for association:
assoc_min_rate=120
(If the minimum rate is set to 12 Mbps for an 802.11g Access Point, all 802.11b stations will be rejected.)
|
|
|
atheros_super_ag
|
Enable all Super AG features:
atheros_super_ag=7
(As a prerequisite to using Atheros Super AG, hw_mode must be set to "g": hw_mode=g)
|
|
|
atheros_xr
|
Enable Atheros Extended Range (XR)
atheros_xr=1
Atheros XR applies only when hw_mode is set to "a" or "g": hw_mode=a or hw_mode=g.
There is no support for Atheros XR in IEEE 802.11b, Atheros Turbo 5 GHz, or Atheros Dynamic Turbo 5 GHz.
|
|
|
auth_algs
|
Sets the authentication algorithm for both Open and Shared Key authentication:
auth_algs=3
(This is a WEP security setting.)
|
|
|
auth_server_addr auth_server_port auth_server_shared_secret
|
Configure information about the RADIUS server:
auth_server_addr=127.0.0.1
auth_server_port=1813
auth_server_shared_secret=secret
|
|
|
basic_rates
|
Set basic and supported rates for a mix of 802.11g and 802.11b stations:
supported_rates=10 20 55 110 60 90 120 180 240 360 480 540
basic_rates=10 20 55 110
|
|
|
beacon_int
|
Send a Beacon frame every 100 milliseconds (10 per second):
beacon_int=100
|
|
|
bridge_packets
|
Disable the internal bridge thereby enabling "station isolation":
bridge_packets=0
Enable the internal bridge thereby disabling "station isolation" (this is the default):
bridge_packets=1
|
|
|
bss
|
hostapd enables multiple BSSIDs by the addition of a bss configuration item. The bss item requires a default interface name to be allocated for the data packets of the new BSS:
bss=wlan0_0
|
|
|
burst
|
This is a QoS parameter.
|
|
|
channel_policy channel
|
Disable channel management (default) and set channel:
channel_policy=0
channel=60
Automatically select best channel and allow it to change:
channel_policy=3
|
|
|
country_code
|
country_code=US
|
|
|
cts_protection_type
|
Set CTS protection for a mix of 802.11g and 802.11b stations:
cts_protection_type=0
(This is the default.)
|
|
|
cwmin
|
This is a QoS parameter.
|
|
|
cwmax
|
This is a QoS parameter.
|
|
|
deny_mac_file
|
For MAC Filtering, define path to MAC deny file: deny_mac_file=/etc/hostapd.deny
|
|
|
dtim_period
|
Include DTIM message in every other Beacon:
dtim_period=2
|
|
|
dynamic_vlan multi_dynamic_vlan vlan_file vlan_tagged_interface
|
Use dynamic_vlan option to disable, allow as an option, or require VLAN mode on an external RADIUS server. The following disables VLAN mode on the RADIUS server (the default):
dynamic_vlan=0
Or
multi_dynamic_vlan=0
Indicate the pathname of the file that specifies the list of VLAN interfaces for dynamic VLAN mode on the RADIUS server:
vlan_file=/etc/hostapd.vlan
Specify the interface where IEEE 802.1q tagged packets should appear when a RADIUS server is used to determine the VLAN for a station:
vlan_tagged_interface=eth0
|
See Dynamic VLAN Mode under the topic on setting up a RADIUS server for Security.
|
|
eapol_key_index_workaround
|
Microsoft Windows XP supplicant workaround when broadcast keys only are used:
eapol_key_index_workaround=0
This is not needed if individual unicast keys are used (when wep_key_len_unicast is set to 5, 13, or 16).
|
|
|
eapol_reauth_period
|
An example of the default setting for how often IEEE 802.1X reauthentication is required (once an hour):
eapol_reauth_period=3600
Setting eapol_reauth_period=0 disables reauthentication for IEEE 802.1X security.
|
|
|
force_unicast_rate
|
Set transmission rate (in 100 kbps) for all unicast frames:
force_unicast_rate=240
(Stations that do not support this rate cannot associate.)
|
|
|
fragm_threshold
|
Disable fragmentation threshold:
fragm_threshold=2346
(The range is 0 to 2346 where 2346 is "disabled")
|
|
|
framed_mtu
|
Define value for Framed-MTU attribute in RADIUS messages:
framed_mtu=1400
Limits the size of EAP messages (by fragmenting them) to fit the MTU of the wireless interface.
|
|
|
hw_mode
|
hw_mode=g
|
|
|
iapp_interface
|
Prerequisite setting for layer2_update.
|
|
|
ieee80211d
|
Enable sending country code in Beacons:
ieee80211d=1
|
|
|
ieee8021x
|
Enable IEEE 802.1x security:
ieee8021x=1
|
|
|
ieee80211h
|
Enable IEEE 802.11h to minimize RF interference on the 5 GHz band in some countries.
IEEE 802.11h support provides Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS) services when operating in regulatory domains which require them. This setting is enabled by default and should remain on: ieee80211h=1
|
|
|
ignore_broadcast_ssid
|
Set Access Point to not send SSID in its Beacons. (Require client stations to know the SSID):
ignore_broadcast_ssid=1
|
|
|
inactivity_policy
|
Example of default station inactivity policy configuration:
inactivity_policy=0
|
|
|
interface
|
interface=wlan0
|
|
|
layer2_update
|
hostapd provides support for Layer 2 Update frames to update bridge learn tables when a station associates.
See also iapp_interface which is prerequisite setting for layer2_update.
|
|
|
load_balance_threshold load_balance_threshold_st load_balance_assoc_limit
|
Load balancing is disabled by default (load_balance_threshold=0)
|
See Load Balancing for details on setting these options.
|
|
logger_syslog logger_syslog_level logger_stdout logger_stdout_level
|
Include all modules and set minimum priority level to "2"; only information messages, notifications and warnings get logged.
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
|
|
|
key_tx_rx_threshold
|
For dynamically generated encryption keys (in IEEE 802.1X or WPA security), change a key after it has been used a specified number of times:
key_tx_rx_threshold=1000000
To disable rekeying threshold:
key_tx_rx_threshold=0
|
|
|
macaddr_acl
|
For MAC Filtering, deny station unless it is listed in access control list (ACL): macaddr_acl=1
(If set to "0" stations are accepted unless in ACL; if set to "2" RADIUS server is consulted after local ACL is searched.)
|
|
|
max_num_sta
|
Restrict number of associations to this Access Point to 255: max_num_sta=255
|
|
|
max_ratectrl_rate
|
Set a maximum transmission rate:
max_ratectrl_rate=360
|
|
|
multi_ssid
|
Define multiple SSIDs:
multi_ssid=GuestAccess
|
|
|
minimal_eap
|
Example of default setting for internal EAP authentication server, "0" is disabled:
minimal_eap=0
To enable the internal authentication server: minimal_eap=1.
|
|
|
own_ip_addr
|
RADIUS server setting to define IP Address of the access point running hostapd:
own_ip_addr=127.0.0.1
|
|
|
passive_scan_mode passive_scan_interval passive_scan_listen
|
hostapd uses passive scanning to locate other Access Points. This feature is provided as part of rogue detection, but can also be used for WDS and clustering.
|
See Rogue Detection for details on these options.
|
|
preamble
|
Set short preamble (to improve efficiency of network throughput for 2, 5.5, 11 Mbps):
preamble=1
|
|
|
radar_channels_filename
|
As a part of IEEE 802.11h radar detection, the radar channel file maintains the list of channels on which radar is detected: radar_channels_filename=/etc/hostapd-wlan0-radar-file
|
For this and other related settings, see Radar Detection in IEEE 802.11h Support.
|
|
radius_failover_limit
|
When multiple RADIUS servers are configured, set number of attempts to retry failed transmissions before fail-over to second RADIUS server:
radius_failover_limit=4
|
|
|
reg_domain_filename
|
reg_domain_filename=/etc/reg_domains.conf
|
|
|
rsn_preauth rsn_preauth_interfaces
|
Enable IEEE 802.11i/RSN/WPA2 pre-authentication to speed up roaming:
rsn_preauth=1
By default, this option is disabled (rsn_preauth=0).
Define a space-separated list of interfaces from which pre-authentication frames are accepted (for example, 'eth0' or 'eth0 wlan0wds0'):
rsn_preauth_interfaces=eth0
|
|
|
rts_threshold
|
Disable RTS/CTS threshold:
rts_threshold=2347
(The range is 0 to 2347 where 2347 is "disabled".)
|
|
|
security_policy
|
Set the security mode for the secondary SSID in a multi-SSID configuration.
This requires additional configuration depending on which security policy you set.
|
|
|
ssid
|
ssid=test
|
|
|
supported_rates
|
Set basic and supported rates for a mix of 802.11g and 802.11b stations:
supported_rates=10 20 55 110 60 90 120 180 240 360 480 540
basic_rates=10 20 55 110
|
|
|
tx_fail_percentage_limit tx_fail_interval
|
Set maximum acceptable failure percentage of TX packets and deauthenticate stations that miss the cut-off:
tx_fail_percentage_limit=20
tx_fail_interval=10
(If either option is set to 0, this limitation on failure percentages is disabled; which is the default.)
|
|
|
tx_power_adjustment
|
Deprecated. Use tx_power_reduction.
|
|
|
tx_power_mitigation
|
Reduce transmit power for stations as a part of IEEE 802.11h per the default:
tx_power_mitigation=3
|
|
|
tx_power_reduction
|
Disable tx_power_reduction on the AP:
tx_power_reduction=0
(The default is disabled. When set to something other than 0, tx_power_reduction reduces the power output of a radio on the AP per the algorithm described in Transmission Power.)
|
|
|
tx_queue_*
|
tx_queue_* options are QoS parameters for AP-to-station traffic.
|
|
|
vlan
|
Set VLANs, which are bound to this interface: vlan=wlan0_wep
|
|
|
wds wds_ap wds_assoc wds_remote_addr wds_security_policy wds_wep_key
|
Configure WDS link between two APs:
wds=wlan0wds0
wds_remote_addr=00:11:11:11:11:11
wds_ssid=wds-ssid
wds_security_policy=3
wds_wpa_psk_ascii=12345678
wds_ap=1
wds_assoc=1
wds=wlan0wds4
wds_remote_addr=00:44:44:44:44:44
wds_ssid=wds-ssid
wds_security_policy=1
wds_wep_key="abcde"
wds_ap=1
wds_assoc=1
wds=wlan0wds1
wds_remote_addr=00:22:22:22:22:22
wds_wep_key="abcde"
wds=wlan0wds2
wds_remote_addr=00:33:33:33:33:33
|
|
|
wep_keyNumber wep_default_key
|
Set WEP keys in hexadecimal or ASCII (double-quoted) strings. Examples and notation:
wep_key0=1A2B3C4D5E (40-bit, hexadecimal)
wep_key1="vwxyz" (40-bit, ASCII)
wep_key2=0102030405060708090A0B0C0D (104-bit, hexadecimal)
wep_key3=".2.4.6.8.0.23" (104-bit, ASCII)
Set the active key:
wep_default_key=0
|
|
|
wep_key_len_broadcast wep_key_len_unicast
|
For dynamic WEP keys, define length of generated keys in bytes (5 for 40-bit, 13 for 104-bit, or 16 for 128-bit WEP secret key):
wep_key_len_broadcast=13
wep_key_len_unicast=13
(Above example sets dynamic WEP keys at 104-bit length.)
|
|
|
wep_rekey_period
|
Define WEP rekeying interval (in seconds) and send to stations using EAPOL-Key frames:
wep_rekey_period=300
If this is set to 0, WEP keys are only generated once.
|
|
|
wme_ac_*
|
These are QoS parameters for clients.
|
|
|
wpa
|
Enable WPA security mode:
wpa=1
|
|
|
wpa*
|
For details on wpa_use_psk, wpa_psk_hex, wpa_poll_interval, and other wpa* options, see Wi-Fi Protected Access.
|
|
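The quick reference above mixes settings that harden the access point with settings that weaken it. The following added example (not part of the Devicescape package or its documentation) parses a file in the hostapd.conf format described earlier and flags the weakening ones. The sample file is constructed, and the 16-character secret threshold and the treatment of an absent option as "off" are assumptions.

```python
import re

# Constructed sample in the hostapd.conf format described above (not a real AP's file).
SAMPLE_CONF = """\
# basic settings
interface=wlan0
ssid=test

wpa=1
allow_non_wpa=1
auth_algs=3
wep_key0=1A2B3C4D5E
wep_default_key=0
auth_server_addr=127.0.0.1
auth_server_shared_secret=secret
ignore_broadcast_ssid=1
macaddr_acl=0
wds_wpa_psk_ascii=12345678
"""

# Example secrets printed in the quick reference; they must never reach production.
PAGE_SAMPLE_SECRETS = {"secret", "12345678", "abcde"}
MIN_SECRET_LEN = 16  # assumption: local policy threshold, not a hostapd limit


def parse_conf(text):
    """Return [(lineno, key, value)]; empty lines and '#' lines are ignored."""
    items = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"line {lineno}: expected key=value, got {raw!r}")
        items.append((lineno, key.strip(), value.strip()))
    return items


def wep_key_bits(value):
    """WEP key length in bits: double-quoted values are ASCII, others hex."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return (len(value) - 2) * 8
    return len(value) // 2 * 8


def audit(text):
    """Return [(lineno, key, message)] for settings that weaken the AP."""
    items = parse_conf(text)
    conf = {key: value for _, key, value in items}  # last occurrence wins
    findings = []
    # Assumption: an absent option means the security mode is off.
    if conf.get("wpa", "0") != "1" and conf.get("ieee8021x", "0") != "1":
        findings.append((0, "wpa", "neither wpa=1 nor ieee8021x=1 is set"))
    for lineno, key, value in items:
        secret = value.strip('"')
        if key == "allow_non_wpa" and value == "1" and conf.get("wpa") == "1":
            msg = "non-WPA stations may associate although WPA mode is on"
        elif re.fullmatch(r"wep_key\d", key) or key == "wds_wep_key":
            msg = f"static WEP key configured ({wep_key_bits(value)}-bit)"
        elif key.endswith(("_shared_secret", "_psk_ascii")) and (
            secret in PAGE_SAMPLE_SECRETS or len(secret) < MIN_SECRET_LEN
        ):
            msg = "secret is a documentation sample or too short"
        elif key == "ignore_broadcast_ssid" and value == "1":
            msg = "hiding the SSID in Beacons is not an access control"
        else:
            continue
        findings.append((lineno, key, msg))
    return findings


if __name__ == "__main__":
    for lineno, key, msg in audit(SAMPLE_CONF):
        print(f"line {lineno}: {key}: {msg}")
```

The findings carry line numbers and option names only, so the report can be logged without exposing the secrets themselves.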
Basic Settings
At a minimum, configure these options explicitly:
Interface
Define the Linux network interface assigned for the WLAN device.
Note: When the access point is transmitting or receiving management frames, it uses the defined interface with an "ap" postfix, for example, wlan0ap.
SSID
The SSID to be used in 802.11 management frames:
This is the default SSID for the Access Point.
Hardware Mode
Select a radio hardware operation mode. The configuration items are:
An example of the hardware mode setting:
IEEE 802.11 ATHEROS SUPER AG Low-Level Hardware Setting
In order for the hardware mode "g" to leverage the full capacity of IEEE 802.11 Atheros Super AG, an additional setting must be specified on the driver.
The atheros_super_ag configuration item uses these bit fields:
| Flag Bit | Decimal Value | Description |
| --- | --- | --- |
| Bit 0 | 1 | Enable fast frame support |
| Bit 1 | 2 | Enable compression |
| Bit 2 | 4 | Enable TurboPrime |

Atheros Super A/G is disabled by default (atheros_super_ag=0).
As an example, to enable all Super AG features:
ATHEROS XR Low-Level Hardware Setting
Atheros XR (Extended Range) is a proprietary method for implementing low rate traffic over longer distances. It is transparent to XR enabled clients and access points and is designed to be interoperable with the 802.11 standard in 802.11g and 802.11a modes. There is no support for Atheros XR in 802.11b, Atheros Turbo 5 GHz, or Atheros Dynamic Turbo 5 GHz.
Enabling Atheros XR will extend the range over which your client and access point can operate.
Note: In the current release, Atheros XR is not supported with Super A/G.
To enable Atheros XR on the AP, set the atheros_xr option to "1" as follows:
Channel and Channel Policy
Either the channel is set explicitly (channel_policy=0 and channel set to the specified channel number) or automatic channel selection is configured. There are three options for automatic channel selection:
- Select the first available channel of the first available mode (channel_policy=1). In this case, the channel item is ignored.
- Automatically select the best channel (channel_policy=2). In this case, the channel item is ignored.
- Automatically select the best channel and allow channel to be changed (channel_policy=3).
An example of the channel policy setting:
Check Country Code and Regulatory Domain
By default, the country code and regulatory domain are set to operate on frequencies permitted in the United States. These settings should be modified as appropriate to operate on the frequency bands permitted in your country. See Country Code and Regulatory Domain.
Country Code and Regulatory Domain
File Name for Regulatory Domain Information
Different national and transnational authorities regulate different portions of the electromagnetic spectrum available for transmission. The 802.11 family of standards transmit and receive in unlicensed frequencies, using the 2.4 GHz band for 802.11b and 802.11g, and the 5 GHz band for 802.11a. There are differences in Channel range and Transmission Power levels for the different regulators. Regulators include the Federal Communications Commission (FCC), the European Telecommunications Standards Institute (ETSI), and the Telecom Engineering Center (MKK or TELEC).
An information file (hostapd/examples) is provided that shows regulatory domain data; that is, the accepted frequencies associated with each country code. The reg_domain_filename configuration item is set to the default file name for regulatory domain data:
reg_domain_filename=/etc/reg_domains.conf
Country Code
The Country code (ISO/IEC 3166-1) is used to set the regulatory domain, which limits the available channels and transmit power to the values allowed by the specified regulator.
By default, the country code is set to "US", which sets it to transmit at radio frequencies permitted in the United States:
IEEE 802.11d Setting for Sending Country Code and Accepted Frequencies in Beacon Frames
Enable IEEE 802.11d setting to transmit country code and accepted frequencies in beacon frames. By default, this setting is disabled (ieee80211d=0).
IEEE 802.11h Support
hostapd includes support for IEEE 802.11h to resolve interference from military, medical, or other radio frequency (RF) emitting devices that can occur when the AP is operating in the 5 GHz band for 802.11a in some locations (particularly Europe and Japan).
For more information on setting the hw_mode to IEEE 802.11a and other modes, see Hardware Mode. See also Japan's New Channel Allocations on IEEE 802.11a/5GHz.
IEEE 802.11h Setting to Minimize RF Interference on 5GHz Band in Some Countries
The 802.11h setting, which is enabled in hostapd by default, provides Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS) services when operating in regulatory domains which require them.
IEEE 802.11h is intended to resolve interference introduced by the use of 802.11a in locations such as Europe and Japan, particularly from radar systems and medical devices. The following strategies are provided to minimize interference:
- Dynamic Frequency Selection (DFS) detects the presence of other devices on a channel and automatically switches the network to another channel if and when such signals are detected. (See Radar Detection.)
- Transmit Power Control (TPC) reduces the radio-frequency (RF) output power of each radio on the devices to a level that minimizes risk of interference to and from other systems, while still allowing satisfactory network performance. (See Transmit Power Mitigation for Stations and Transmission Power.)
When enabled, IEEE 802.11h is operational only when:
When IEEE 802.11h is operational, the channel_policy and channel settings are ignored, and the device behaves as though the automatic channel selection policy is set (channel_policy=3). Whenever IEEE 802.11h is not operational (for example, when the hw_mode is changed from "a" to "b"), the normal channel_policy and channel settings take effect again. (See also Channel and Channel Policy.)
By default, IEEE 802.11h is enabled:
The IEEE 802.11h setting should remain enabled and inaccessible to the end user; the end user should not be able to disable it. (If ieee80211h=0, the feature is disabled.)
Radar Detection
As a part of IEEE 802.11h support, the AP can detect the presence of radar-emitting devices that might interfere with the wireless network. The following settings are available to configure radar detection.
- The radar channel file maintains the list of channels on which radar is detected. This is required to be in the persistent memory in order for hostapd to work properly after reboot and reconfiguration. The default file is /etc/hostapd-wlan0-radar-file. The following line sets the filename to this default:
radar_channels_filename=/etc/hostapd-wlan0-radar-file
- The block time is the time duration for which the channel should not be used after detecting radar. The minimum (also the default) is 30 minutes:
- The quiet duration is the duration of the quiet interval in TUs. The default is 0:
- The quiet period is the beacon interval between regular quiet intervals. The default is 0:
These radar detection settings work in conjunction with the 802.11h setting described in IEEE 802.11h Setting to Minimize RF Interference on 5GHz Band in Some Countries.
Transmit Power Mitigation for Stations
Stations on the network provided by the AP will reduce their transmit power by tx_power_mitigation dBm below the maximum power allowed in the regulatory domain. This value is given in dBm, which is the power level in decibels relative to 1 milliwatt (mW).
The tx_power_mitigation setting does not affect the transmit power of the AP. To reduce the AP's transmit power, use tx_power_reduction as explained in Transmission Power.
The default setting for transmit power mitigation for stations is:
Japan's New Channel Allocations on IEEE 802.11a/5GHz
Japan changed its regulatory domain rules for IEEE 802.11a at 5 GHz band in May 2005, including the following:
- Changed channel allocation on 5.15-5.25 GHz band to match with the channels used elsewhere. This changed channels 34,38,42,46 to 36,40,44,48.
- Added new channels 52,56,60,64 which require radar detection and DFS.
This version of hostapd supports the channel change and the new channels are selected by default.
If a build with the old channels is required, the reg_domains.conf file must be modified for this. In this case, modify the line "MKK1 11A B 36 4 23 0" to read "MKK1 11A B 34 4 23 0" in order to move to the old channel allocation (34,38,42,46). Use this only if a firmware update is required for an AP that has not been updated to the new rules.
(See also IEEE 802.11h Support.)
IEEE 802.11 Radio Settings
Administration Status
Turns radio interface on and off. Valid values are "up" and "down". If interface is down (off), no frames are transmitted or received. The default is "up".
Beacon Interval
Beacon frames are transmitted by an access point at regular intervals to announce the existence of the wireless network.
Define the beacon interval in kµsec (1.024 ms). The default behavior is to send a beacon frame once every 100 milliseconds (or 10 per second):
Delivery Traffic Information Messages
The Delivery Traffic Information Map (DTIM) message is an element included in some Beacon frames. It indicates which client stations, currently sleeping in low-power mode, have data buffered on the access point awaiting pick-up.
hostapd can vary the frequency of DTIM messages being inserted in its Beacon frames. The range is 1 to 255 where 1 indicates every Beacon includes a DTIM message:
Maximum Station Associations
The 802.11 standard specifies a limit of 2007 different association IDs. You can restrict the stations in your station table to fewer with this configuration item. Once max_num_sta have been added to the station table, new stations will be rejected.
RTS/CTS Threshold
Set the Request-to-Send (RTS) / Clear-to-Send (CTS) threshold with the rts_threshold configuration item. The range is 0 to 2347 (disabled):
If the rts_threshold configuration item is not included in hostapd.conf, hostapd will not control the RTS threshold. You can use the command iwconfig wlan# rts val to set it.
Fragmentation Threshold
Set the Fragmentation threshold with the fragm_threshold configuration item. The range is 0 to 2346 (disabled):
If the fragm_threshold configuration item is not included in hostapd.conf, hostapd will not control the fragmentation threshold. You can use the command iwconfig wlan# frag val to set it.
IEEE 802.11b Preamble
IEEE 802.11b supports a short or long preamble. The long preamble uses the legacy 802.11 1 and 2 Mbps DSSS header. The short preamble option was provided to improve the efficiency of a network's throughput. The preamble is used to allow stations to synchronize with the access point signal. The options are:
| Value | Description |
| --- | --- |
| 0 | Use long preamble |
| 1 | Use short preamble for 2, 5.5, 11 Mbps |

Note: This affects only 802.11b and 802.11g modes. If one or more associated stations do not support the short preamble, the access point will automatically use the long preamble regardless of this setting.
Example preamble setting:
Clear-to-Send Frames (cts_protection_type)
802.11g uses Clear-to-Send (CTS) frames to stop 802.11b stations from interfering with frames sent at higher rates. This is useful in mixed mode networks consisting of both 802.11b and 802.11g stations. This behavior is automatically disabled if there are no 802.11b stations associated with the access point.
Override this behavior with the cts_protection_type configuration item. Its options are:
| Value | Description |
| --- | --- |
| 0 | Use CTS protection when there are both 802.11g and 802.11b stations associated with this access point or when Overlapping Legacy BSS Condition (OLBC) is detected. This is the default. |
| 1 | Force CTS protection even if there are no 802.11b stations associated with this access point |
| 2 | Disable CTS protection even when there are 802.11b stations associated with this access point |
| 3 | Like 0 (auto detection), but do not use OLBC detection |

Note: OLBC is required for Wi-Fi certification of an IEEE 802.11g AP and thus, only the default setting (0) can pass the certification test.
OLBC refers to the case where one of the overlapping BSSes (that is, another AP on the same channel) is either itself IEEE 802.11b-only or has IEEE 802.11b-only stations. IEEE 802.11b stations that do not support the new IEEE 802.11g rates are considered "legacy".
Example of setting CTS protection for both 802.11g and 802.11b stations:
It can be useful to enable CTS protection for an 802.11g-only access point where there are 802.11b stations on the same channel using another access point. Alternatively, disabling this even when 802.11b stations are present can improve performance, if most of the traffic is between 802.11g devices.
Rate Configuration
The default is to enable all rates supported by the hardware. This configuration item allows the list to be filtered so that only the defined rates are left in the list. If the list is empty, all rates are used. The list can have entries that are not in the range of rates the hardware supports; such entries are ignored. The entries in this list are in 100 kbps, where 11 Mbps = 110.
If this item is present, at least one rate has to match the rates the hardware supports.
The basic rate set configuration is a list of rates (in 100 kbps) that are included in the basic rate set. If this item is not defined, a reasonable default set is used.
Example values:
supported_rates=60 90 120 180 240 360 480 540
802.11b:
supported_rates=10 20 55 110
802.11g only:
supported_rates=60 90 120 180 240 360 480 540
802.11g in mixed mode with 802.11b stations:
supported_rates=10 20 55 110 60 90 120 180 240 360 480 540
Forced Transmission Rate
This configuration item allows you to configure a transmission rate (in 100 kbps) that will be used for all unicast frames. Configuring this item will also prevent stations that do not support the forced rate from associating with the Access Point:
The rate must be one of the supported rates (supported_rates) defined in Rate Configuration above.
Note that the force_unicast_rate is only used for rate selection of TX frames; that is, STAs (stations) can still send frames at other supported rates and the AP will accept them.
Maximum Transmission Rate
This configuration item allows you to set a maximum limit on the transmission rate for the rate control algorithm in use. By default, this option is disabled (0) which allows any supported rate to be used.
If set, this option overrides rates in the supported rate set that are above the specified maximum transmission rate.
Example of setting a maximum transmission rate:
Minimum Association Rate
This configuration item allows you to set a minimum rate (in 100 kbps) required for association. If a client station does not support any rates equal to or greater than this rate, association will be rejected. If the minimum rate is set to 12 Mbps for an 802.11g Access Point, all 802.11b stations will be rejected.
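The rate rules in Rate Configuration, Forced Transmission Rate, Maximum Transmission Rate and Minimum Association Rate interact, so a small model helps when reviewing which stations a given configuration will turn away. This is an added example that models the rules as stated on this page; it is not hostapd code, the function names are hypothetical, and treating 0 as "not set" for assoc_min_rate and force_unicast_rate is an assumption.

```python
# Rates are in units of 100 kbps, as in hostapd.conf (11 Mbps = 110).
RATES_11B = [10, 20, 55, 110]
RATES_11G = [60, 90, 120, 180, 240, 360, 480, 540]


def parse_rates(value):
    """Parse a space-separated rate list such as a supported_rates value."""
    return [int(tok) for tok in value.split()]


def effective_rates(hw_rates, supported_rates=(), max_ratectrl_rate=0):
    """Rates the AP offers after supported_rates and max_ratectrl_rate apply."""
    if not supported_rates:
        rates = list(hw_rates)  # empty list: all hardware rates are used
    else:
        # Entries the hardware does not support are ignored ...
        rates = [r for r in hw_rates if r in supported_rates]
        if not rates:  # ... but at least one entry has to match
            raise ValueError("supported_rates matches no hardware rate")
    if max_ratectrl_rate:  # 0 disables the cap
        rates = [r for r in rates if r <= max_ratectrl_rate]
    return rates


def check_forced_rate(ap_rates, force_unicast_rate):
    """force_unicast_rate must be one of the supported rates."""
    if force_unicast_rate and force_unicast_rate not in ap_rates:
        raise ValueError(
            f"force_unicast_rate={force_unicast_rate} is not a supported rate"
        )


def admit_station(sta_rates, assoc_min_rate=0, force_unicast_rate=0):
    """Return (accepted, reason) for a station advertising sta_rates."""
    # Assumption: 0 means the option is not set.
    if assoc_min_rate and not any(r >= assoc_min_rate for r in sta_rates):
        return False, "no rate >= assoc_min_rate"
    if force_unicast_rate and force_unicast_rate not in sta_rates:
        return False, "forced unicast rate unsupported"
    return True, "ok"


if __name__ == "__main__":
    hw = RATES_11B + RATES_11G  # constructed 802.11b/g radio
    ap = effective_rates(hw, parse_rates("10 20 55 110 60 90 120 180 240 360 480 540"))
    check_forced_rate(ap, 240)
    for name, sta in (("11b station", RATES_11B), ("11g station", hw)):
        print(name, admit_station(sta, assoc_min_rate=120, force_unicast_rate=240))
```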
Maximum Failure Percentage for Transmissions
This configuration item allows you to set the maximum acceptable failure percentage for transmitted packets (percentage of packets that failed even after all retry attempts). This can be used, for example, with Forced Transmission Rate to remove STAs that are not close enough to use the configured rate.
If the failure percentage is larger than tx_fail_percentage_limit, the STA will be deauthenticated. This verification is done every tx_fail_interval seconds.
If either of these options is set to 0 (or not set in hostapd.conf), transmission failure limitation is disabled (this is the default).
Example of setting a maximum failure percentage of TX packets:
tx_fail_percentage_limit=20
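The rules stated under Rate Configuration, Forced Transmission Rate, and this section can be checked before a configuration is deployed. The following Python lint is an added example, not part of hostapd or the Devicescape platform; the hardware rate list (HW_RATES) and the sample configuration are assumptions constructed for illustration.

```python
# Added example: lint for the rate-related hostapd.conf items described above.
# HW_RATES is an assumed hardware rate list (802.11b/g), in units of 100 kbps.
HW_RATES = {10, 20, 55, 110, 60, 90, 120, 180, 240, 360, 480, 540}

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONF = """\
# constructed sample
supported_rates=10 20 55 110 60 90 120 1000
force_unicast_rate=240
tx_fail_percentage_limit=20
"""

def parse_conf(text):
    """Return key -> value for 'key=value' lines; comments and blanks are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def lint_rates(conf, hw_rates=HW_RATES):
    """Return (effective_rates, findings) for the rate settings in conf."""
    findings = []
    listed = [int(r) for r in conf.get("supported_rates", "").split()]
    # An empty or absent list means all hardware rates are used.
    effective = sorted(hw_rates) if not listed else sorted(set(listed) & hw_rates)
    ignored = sorted(set(listed) - hw_rates)
    if ignored:
        findings.append(f"ignored rates not supported by hardware: {ignored}")
    if listed and not effective:
        findings.append("supported_rates matches no hardware rate")
    forced = conf.get("force_unicast_rate")
    if forced is not None and int(forced) not in effective:
        findings.append(f"force_unicast_rate={forced} is not in the supported rate set")
    limit = int(conf.get("tx_fail_percentage_limit", "0"))
    interval = int(conf.get("tx_fail_interval", "0"))
    # Failure limitation is active only when both options are non-zero.
    if (limit == 0) != (interval == 0):
        findings.append("transmission failure limitation is disabled: "
                        "tx_fail_percentage_limit and tx_fail_interval must both be non-zero")
    return effective, findings

if __name__ == "__main__":
    rates, problems = lint_rates(parse_conf(SAMPLE_CONF))
    print("effective rates:", rates)
    for p in problems:
        print("finding:", p)
```

The last check catches a configuration in which only one of the two failure-limit options is set, which leaves station removal silently inactive.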
Transmission Power
Under certain circumstances, you may require reduced transmit power of the AP. For example, you may have a situation where two radios are transmitting and receiving on nearby channels. To prevent one radio from interfering with the other, you may want to reduce its power.
|
Note
|
- It may be desirable to reduce the power output of the AP as a part of reducing interference from other types of RF-emitting devices. See IEEE 802.11h Support.
|
The tx_power_reduction configuration item reduces the power output of a radio by the value of tx_power_reduction in dBm (power level in decibels relative to 1 milliwatt). The resulting transmit power is as follows:
tx_power = MIN(MaxPowerRegulatoryDomain, MaxPowerHardware) - tx_power_reduction
Where "MaxPowerRegulatoryDomain" is the maximum power level allowed in the current regulatory domain to which the Access Point is set and "MaxPowerHardware" is the maximum power level supported by the hardware.
This field can be entered in 0.1 dBm precision, but the hardware driver may round it when needed. For example, the Atheros ar5212 driver uses 0.5 dBm precision.
The default for tx_power_reduction is 0:
(The tx_power_adjustment configuration item has been deprecated. Use tx_power_reduction instead.)
Antenna Diversity Configuration
If the WLAN card is known to have two antenna connectors, antenna diversity (the default) may be used. This can improve performance of the AP by automatically selecting the best antenna for receive and transmit. However, if only one antenna is connected but there are two connectors (one is empty), it is recommended that antenna diversity be disabled.
Select Default Antenna
Select the default antenna number (1 or 2).
For example:
|
Note
|
Note that a default antenna must be set if antenna_mode is set to static.
|
Select Antenna Mode
Specify an antenna mode. The options are:
|
static
|
Always use default antenna.
|
|
omni_ap
|
Switch to another antenna in case of transmission failure. (This is the default setting.)
|
An example of setting antenna mode to static (and requisite default antenna):
Station Inactivity Limit
If a station does not transmit at all in ap_max_inactivity seconds, the AP sends an empty data frame to that station in order to verify whether it is still in range. If this frame is not acknowledged (ACKed), the station will be disassociated and then deauthenticated. This feature is used to clear the station table of old entries when STAs move out of range.
The station can associate again with the AP if it is still in range; this inactivity poll is just used as a nicer way of verifying inactivity. That is, a client will not report a broken connection, because the disassociation frame is not sent immediately; the STA is first polled with a data frame.
The default station inactivity limit is 300 seconds (that is, 5 minutes):
Station Inactivity Policy
By default, the policy is to assume a station is active if it acknowledges the poll frame, and to disassociate/deauthenticate stations that do not acknowledge.
You can also set the station inactivity policy to use the ap_max_inactivity value as a direct time window after which non-ACK stations will be disassociated and deauthenticated.