Hostapd

Hostapd (Host access point daemon) is a user space software access point capable of turning normal network interface cards into access points and authentication servers. The current version supports Linux (Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).^[1]

Scope of this document

Hostapd can do a lot of things, but only its most basic aspects will be covered in this article.

Requirement

A WiFi card with AP mode support is needed:

        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * WDS
                 * monitor
                 * P2P-client
                 * P2P-GO

WiFi Technology

A brief reminder of the technology involved.

802.11

Frequency Bands

Access Point

• An AP is like a wireless switch;
• An AP can only use one band at a time: 2.4GHz OR 5GHz, a so-called "dual-band AP" is just one AP at 2.4GHz plus one at 5GHz;
• An AP using the 2.4GHz band can be b, g and n at the same time (if the hardware supports it);
• An AP using the 5GHz band can be a, n and ac at the same time (if the hardware supports it);
• An AP can have multiple SSIDs, making it look like multiple APs, but all will share the same band AND channel.

Capabilities of Hostapd

What it can do

• Create an AP;
• Create multiple APs on the same card (if the card supports it, usually up to 8);
• Create one AP on one card and another AP on a second card, all within a single instance of Hostapd;
• Use 2.4GHz and 5GHz at the same time on the same card. This requires a card with two radios though, which is pretty rare (but hostapd supports it) - if the card creates two wlanX interfaces, you might be lucky;

What it cannot do

• Create multiple APs on different channels on the same card. Multiple APs on the same card will share the same channel;
• Create a dual-band AP, even with two cards. But it can create two APs with the same SSID;
• Assign IPs to the devices connecting to the AP, a dhcp server is needed for that;
• Assign an IP to the AP itself, it is not hostapd's job to do that;

IP, DHCP, and Routing

Hostapd only creates wireless Ethernet switches, it does not know about the IP protocol or routing.

IP of the AP

An AP's interface really is just an Ethernet interface:

(...)
modules_wlan0="!iwconfig !wpa_supplicant" # by default wireless interfaces are assumed to be clients, not APs
config_wlan0="192.168.42.1/24"                   # the AP's IP and network

DHCP

A DHCP server listening on the AP's interface will provide the AP's clients with IPs.

Routing

Nothing special about routing an AP, it behaves exactly like an Ethernet interface.

Sample configurations

802.11b/g/n with WPA2-PSK and CCMP

A simple but secure AP with maximal compatibility for current hardware:

interface=wlan0       # the interface used by the AP
hw_mode=g             # g simply means 2.4GHz band
channel=10            # the channel to use
ieee80211d=1          # limit the frequencies used to those allowed in the country
country_code=FR       # the country code
ieee80211n=1          # 802.11n support
wmm_enabled=1         # QoS support

ssid=somename         # the name of the AP
auth_algs=1           # 1=wpa, 2=wep, 3=both
wpa=2                 # WPA2 only
wpa_key_mgmt=WPA-PSK  
rsn_pairwise=CCMP
wpa_passphrase=somepassword

802.11a/n/ac with WPA2-PSK and CCMP

A simple but secure AP for recent hardware:

interface=wlan0       # the interface used by the AP
hw_mode=a             # a simply means 5GHz
channel=0             # the channel to use, 0 means the AP will search for the channel with the least interferences 
ieee80211d=1          # limit the frequencies used to those allowed in the country
country_code=FR       # the country code
ieee80211n=1          # 802.11n support
ieee80211ac=1         # 802.11ac support
wmm_enabled=1         # QoS support

ssid=somename         # the name of the AP
auth_algs=1           # 1=wpa, 2=wep, 3=both
wpa=2                 # WPA2 only
wpa_key_mgmt=WPA-PSK 
rsn_pairwise=CCMP
wpa_passphrase=somepassword

802.11b/g/n triple AP

Three APs on the same card, one with WPA2, one with WPA1, one without encryption.

Hostapd automatically creates new interfaces for the extra APs:

interface=wlan0       # the interface used by the AP
hw_mode=g             # g simply means 2.4GHz
channel=10            # the channel to use
ieee80211d=1          # limit the frequencies used to those allowed in the country
country_code=FR       # the country code
ieee80211n=1          # 802.11n support
wmm_enabled=1         # QoS support

# First AP
ssid=test1            # the name of the AP
auth_algs=1           # 1=wpa, 2=wep, 3=both
wpa=2                 # WPA2 only
wpa_key_mgmt=WPA-PSK 
rsn_pairwise=CCMP
wpa_passphrase=somepassword

# Seconf AP
bss=wlan1             # the name of the new interface hostapd will create to handle this AP 
ssid=test2            # the name of the AP
auth_algs=1           # 1=wpa, 2=wep, 3=both
wpa=1                 # WPA1 only
wpa_key_mgmt=WPA-PSK 
wpa_passphrase=someotherpassword

# Third AP
bss=wlan2             # the name of the new interface hostapd will create to handle this AP 
ssid=test3
# since there is no encryption defined, none will be used

Troubleshooting

Dynamic Frequency Control (DFS) for 802.11ac

802.11ac works on the 5Ghz band but so do radars, in most countries this means DFS is mandatory to avoid jamming.

Unfortunately this is currently only supported by the following linux drivers:

• ath5k
• ath9k
• ath10k

External resources

• DFS explained on Wikipedia
• Status of DFS support in Linux drivers

References