# management frames); ath0 for madwifi
interface=wlan0
-# In case of madwifi and nl80211 driver interfaces, an additional configuration
-# parameter, bridge, must be used to notify hostapd if the interface is
-# included in a bridge. This parameter is not used with Host AP driver.
+# In case of madwifi, atheros, and nl80211 driver interfaces, an additional
+# configuration parameter, bridge, may be used to notify hostapd if the
+# interface is included in a bridge. This parameter is not used with Host AP
+# driver. If the bridge parameter is not set, the drivers will automatically
+# figure out the bridge interface (assuming sysfs is enabled and mounted to
+# /sys) and this parameter may not be needed.
+#
+# For nl80211, this parameter can be used to request the AP interface to be
+# added to the bridge automatically (brctl may refuse to do this before hostapd
+# has been started to change the interface mode). If needed, the bridge
+# interface is also created.
#bridge=br0
-# Driver interface type (hostap/wired/madwifi/prism54/test/none/nl80211/bsd);
+# Driver interface type (hostap/wired/madwifi/test/none/nl80211/bsd);
# default: hostap). nl80211 is used with all Linux mac80211 drivers.
# Use driver=none if building hostapd as a standalone RADIUS server that does
# not control any wireless/wired driver.
#tx_queue_beacon_cwmax=7
#tx_queue_beacon_burst=1.5
-# 802.1D Tag to AC mappings
+# 802.1D Tag (= UP) to AC mappings
# WMM specifies following mapping of data frames to different ACs. This mapping
# can be configured using Linux QoS/tc and sch_pktpri.o module.
# 802.1D Tag 802.1D Designation Access Category WMM Designation
# 1 BK AC_BK Background
# 2 - AC_BK Background
# 0 BE AC_BE Best Effort
-# 3 EE AC_VI Video
+# 3 EE AC_BE Best Effort
# 4 CL AC_VI Video
# 5 VI AC_VI Video
# 6 VO AC_VO Voice
# note - here cwMin and cmMax are in exponent form. the actual cw value used
# will be (2^n)-1 where n is the value given here
#
-wme_enabled=1
+wmm_enabled=1
+#
+# WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD]
+# Enable this flag if U-APSD supported outside hostapd (eg., Firmware/driver)
+#uapsd_advertisement_enabled=1
#
# Low priority / AC_BK = background
-wme_ac_bk_cwmin=4
-wme_ac_bk_cwmax=10
-wme_ac_bk_aifs=7
-wme_ac_bk_txop_limit=0
-wme_ac_bk_acm=0
+wmm_ac_bk_cwmin=4
+wmm_ac_bk_cwmax=10
+wmm_ac_bk_aifs=7
+wmm_ac_bk_txop_limit=0
+wmm_ac_bk_acm=0
# Note: for IEEE 802.11b mode: cWmin=5 cWmax=10
#
# Normal priority / AC_BE = best effort
-wme_ac_be_aifs=3
-wme_ac_be_cwmin=4
-wme_ac_be_cwmax=10
-wme_ac_be_txop_limit=0
-wme_ac_be_acm=0
+wmm_ac_be_aifs=3
+wmm_ac_be_cwmin=4
+wmm_ac_be_cwmax=10
+wmm_ac_be_txop_limit=0
+wmm_ac_be_acm=0
# Note: for IEEE 802.11b mode: cWmin=5 cWmax=7
#
# High priority / AC_VI = video
-wme_ac_vi_aifs=2
-wme_ac_vi_cwmin=3
-wme_ac_vi_cwmax=4
-wme_ac_vi_txop_limit=94
-wme_ac_vi_acm=0
+wmm_ac_vi_aifs=2
+wmm_ac_vi_cwmin=3
+wmm_ac_vi_cwmax=4
+wmm_ac_vi_txop_limit=94
+wmm_ac_vi_acm=0
# Note: for IEEE 802.11b mode: cWmin=4 cWmax=5 txop_limit=188
#
# Highest priority / AC_VO = voice
-wme_ac_vo_aifs=2
-wme_ac_vo_cwmin=2
-wme_ac_vo_cwmax=3
-wme_ac_vo_txop_limit=47
-wme_ac_vo_acm=0
+wmm_ac_vo_aifs=2
+wmm_ac_vo_cwmin=2
+wmm_ac_vo_cwmax=3
+wmm_ac_vo_txop_limit=47
+wmm_ac_vo_acm=0
# Note: for IEEE 802.11b mode: cWmin=3 cWmax=4 burst=102
# Static WEP key configuration
# default: 300 (i.e., 5 minutes)
#ap_max_inactivity=300
-# Enable/disable internal bridge for packets between associated stations.
-#
-# When IEEE 802.11 is used in managed mode, packets are usually send through
-# the AP even if they are from a wireless station to another wireless station.
-# This functionality requires that the AP has a bridge functionality that sends
-# frames back to the same interface if their destination is another associated
-# station. In addition, broadcast/multicast frames from wireless stations will
-# be sent both to the host system net stack (e.g., to eventually wired network)
-# and back to the wireless interface.
-#
-# The internal bridge is implemented within the wireless kernel module and it
-# bypasses kernel filtering (netfilter/iptables/ebtables). If direct
-# communication between the stations needs to be prevented, the internal
-# bridge can be disabled by setting bridge_packets=0.
-#
-# Note: If this variable is not included in hostapd.conf, hostapd does not
-# change the configuration and iwpriv can be used to set the value with
-# 'iwpriv wlan# param 10 0' command. If the variable is in hostapd.conf,
-# hostapd will override possible iwpriv configuration whenever configuration
-# file is reloaded.
-#
-# default: do not control from hostapd (80211.o defaults to 1=enabled)
-#bridge_packets=1
-
# Maximum allowed Listen Interval (how many Beacon periods STAs are allowed to
# remain asleep). Default: 65535 (no limit apart from field size)
#max_listen_interval=100
+# WDS (4-address frame) mode with per-station virtual interfaces
+# (only supported with driver=nl80211)
+# This mode allows associated stations to use 4-address frames to allow layer 2
+# bridging to be used.
+#wds_sta=1
+
##### IEEE 802.11n related configuration ######################################
# ieee80211n: Whether IEEE 802.11n (HT) is enabled
# 0 = disabled (default)
# 1 = enabled
+# Note: You will also need to enable WMM for full HT functionality.
#ieee80211n=1
# ht_capab: HT capabilities (list of flags)
# 5 GHz 40,48,56,64 36,44,52,60
# (depending on the location, not all of these channels may be available
# for use)
+# Please note that 40 MHz channels may switch their primary and secondary
+# channels if needed or creation of 40 MHz channel maybe rejected based
+# on overlapping BSSes. These changes are done automatically when hostapd
+# is setting up the 40 MHz channel.
# Spatial Multiplexing (SM) Power Save: [SMPS-STATIC] or [SMPS-DYNAMIC]
# (SMPS disabled if neither is set)
# HT-greenfield: [GF] (disabled if not set)
# "openssl dhparam -out /etc/hostapd.dh.pem 1024"
#dh_file=/etc/hostapd.dh.pem
+# Fragment size for EAP methods
+#fragment_size=1400
+
# Configuration data for EAP-SIM database/authentication gateway interface.
# This is a text string in implementation specific format. The example
# implementation in eap_sim_db.c uses this as the UNIX domain socket name for
# EAP-FAST authority identity (A-ID)
# A-ID indicates the identity of the authority that issues PACs. The A-ID
# should be unique across all issuing servers. In theory, this is a variable
-# length field, but due to some existing implementations required A-ID to be
+# length field, but due to some existing implementations requiring A-ID to be
# 16 octets in length, it is strongly recommended to use that length for the
-# field to provided interoperability with deployed peer implementation. This
+# field to provid interoperability with deployed peer implementations. This
# field is configured in hex format.
#eap_fast_a_id=101112131415161718191a1b1c1d1e1f
# And so on.. One line per R0KH.
# List of R1KHs in the same Mobility Domain
-# format: <MAC address> <R0KH-ID> <128-bit key as hex string>
+# format: <MAC address> <R1KH-ID> <128-bit key as hex string>
# This list is used to map R1KH-ID to a destination MAC address when sending
# PMK-R1 key from the R0KH. This is also the list of authorized R1KHs in the MD
# that can request PMK-R1 keys.
# 1 = push PMK-R1 to all configured R1KHs whenever a new PMK-R0 is derived
#pmk_r1_push=1
-##### Passive scanning ########################################################
-# Scan different channels every N seconds. 0 = disable passive scanning.
-#passive_scan_interval=60
-
-# Listen N usecs on each channel when doing passive scanning.
-# This value plus the time needed for changing channels should be less than
-# 32 milliseconds (i.e. 32000 usec) to avoid interruptions to normal
-# operations. Time needed for channel changing varies based on the used wlan
-# hardware.
-# default: disabled (0)
-#passive_scan_listen=10000
-
-# Passive scanning mode:
-# 0 = scan all supported modes (802.11a/b/g/Turbo) (default)
-# 1 = scan only the mode that is currently used for normal operations
-#passive_scan_mode=1
-
-# Maximum number of entries kept in AP table (either for passive scanning or
-# for detecting Overlapping Legacy BSS Condition). The oldest entry will be
+##### Neighbor table ##########################################################
+# Maximum number of entries kept in AP table (either for neigbor table or for
+# detecting Overlapping Legacy BSS Condition). The oldest entry will be
# removed when adding a new entry that would make the list grow over this
-# limit. Note! Wi-Fi certification for IEEE 802.11g requires that OLBC is
+# limit. Note! WFA certification for IEEE 802.11g requires that OLBC is
# enabled, so this field should not be set to 0 when using IEEE 802.11g.
# default: 255
#ap_table_max_size=255
# Config Methods
# List of the supported configuration methods
-#config_methods=label display push_button keypad
+# Available methods: usba ethernet label display ext_nfc_token int_nfc_token
+# nfc_interface push_button keypad virtual_display physical_display
+# virtual_push_button physical_push_button
+#config_methods=label virtual_display virtual_push_button keypad
-# Access point PIN for initial configuration and adding Registrars
+# Static access point PIN for initial configuration and adding Registrars
# If not set, hostapd will not allow external WPS Registrars to control the
-# access point.
+# access point. The AP PIN can also be set at runtime with hostapd_cli
+# wps_ap_pin command. Use of temporary (enabled by user action) and random
+# AP PIN is much more secure than configuring a static AP PIN here. As such,
+# use of the ap_pin parameter is not recommended if the AP device has means for
+# displaying a random PIN.
#ap_pin=12345670
# Skip building of automatic WPS credential
# 12-digit, all-numeric code that identifies the consumer package.
#upc=123456789012
+##### Wi-Fi Direct (P2P) ######################################################
+
+# Enable P2P Device management
+#manage_p2p=1
+
+# Allow cross connection
+#allow_cross_connection=1
+
##### Multiple BSSID support ##################################################
#
# Above configuration is using the default interface (wlan#, or multi-SSID VLAN
# hostapd will generate BSSID mask based on the BSSIDs that are
# configured. hostapd will verify that dev_addr & MASK == dev_addr. If this is
# not the case, the MAC address of the radio must be changed before starting
-# hostapd (ifconfig wlan0 hw ether <MAC addr>).
+# hostapd (ifconfig wlan0 hw ether <MAC addr>). If a BSSID is configured for
+# every secondary BSS, this limitation is not applied at hostapd and other
+# masks may be used if the driver supports them (e.g., swap the locally
+# administered bit)
#
# BSSIDs are assigned in order to each BSS, unless an explicit BSSID is
# specified using the 'bssid' parameter.