Untitled

 the SSID is changed.
# wpa_psk (dot11RSNAConfigPSKValue)
# wpa_passphrase (dot11RSNAConfigPSKPassPhrase)
#wpa_psk=0123456789abcdef0123456789abcdef0123456789abc
def0123456789abcdef
wpa_passphrase=18071952

# Optionally, WPA PSKs can be read from a separate tex
t file (containing list
# of (PSK,MAC address) pairs. This allows more than on
e PSK to be configured.
# Use absolute path name to make sure that the files c
an be read on SIGHUP
# configuration reloads.
#wpa_psk_file=/etc/hostapd.wpa_psk

# Optionally, WPA passphrase can be received from RADI
US authentication server
# This requires macaddr_acl to be set to 2 (RADIUS)
# 0 = disabled (default)
# 1 = optional; use default passphrase/psk if RADIUS s
erver does not include
#       Tunnel-Password
# 2 = required; reject authentication if RADIUS server
 does not include
#       Tunnel-Password
#wpa_psk_radius=0

# Set of accepted key management algorithms (WPA-PSK,
WPA-EAP, or both). The
# entries are separated with a space. WPA-PSK-SHA256 a
nd WPA-EAP-SHA256 can be
# added to enable SHA256-based stronger algorithms.
# (dot11RSNAConfigAuthenticationSuitesTable)
#wpa_key_mgmt=WPA-PSK WPA-EAP

# Set of accepted cipher suites (encryption algorithms
) for pairwise keys
# (unicast packets). This is a space separated list of
 algorithms:
# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, I
EEE 802.11i/D7.0]
# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i
/D7.0]
# Group cipher suite (encryption algorithm for broadca
st and multicast frames)
# is automatically selected based on this configuratio
n. If only CCMP is
# allowed as the pairwise cipher, group cipher will al
so be CCMP. Otherwise,
# TKIP will be used as the group cipher.
# (dot11RSNAConfigPairwiseCiphersTable)
# Pairwise cipher for WPA (v1) (default: TKIP)
#wpa_pairwise=TKIP CCMP
# Pairwise cipher for RSN/WPA2 (default: use wpa_pairw
ise value)
#rsn_pairwise=CCMP

# Time interval for rekeying GTK (broadcast/multicast
encryption keys) in
# seconds. (dot11RSNAConfigGroupRekeyTime)
#wpa_group_rekey=600

# Rekey GTK when any STA that possesses the current GT
K is leaving the BSS.
# (dot11RSNAConfigGroupRekeyStrict)
#wpa_strict_rekey=1

# Time interval for rekeying GMK (master key used inte
rnally to generate GTKs
# (in seconds).
#wpa_gmk_rekey=86400

# Maximum lifetime for PTK in seconds. This can be use
d to enforce rekeying of
# PTK to mitigate some attacks against TKIP deficienci
es.
#wpa_ptk_rekey=600

# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. Thi
s is used to speed up
# roaming be pre-authenticating IEEE 802.1X/EAP part o
f the full RSN
# authentication and key handshake before actually ass
ociating with a new AP.
# (dot11RSNAPreauthenticationEnabled)
#rsn_preauth=1
#
# Space separated list of interfaces from which pre-au
thentication frames are
# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This lis
t should include all
# interface that are used for connections to other APs
. This could include
# wired interfaces and WDS links. The normal wireless
data interface towards
# associated stations (e.g., wlan0) should not be adde
d, since
# pre-authentication is only used with APs other than
the currently associated
# one.
#rsn_preauth_interfaces=eth0

# peerkey: Whether PeerKey negotiation for direct link
s (IEEE 802.11e) is
# allowed. This is only used with RSN/WPA2.
# 0 = disabled (default)
# 1 = enabled
#peerkey=1

# ieee80211w: Whether management frame protection (MFP
) is enabled
# 0 = disabled (default)
# 1 = optional
# 2 = required
#ieee80211w=0

# Group management cipher suite
# Default: AES-128-CMAC (BIP)
# Other options (depending on driver support):
# BIP-GMAC-128
# BIP-GMAC-256
# BIP-CMAC-256
# Note: All the stations connecting to the BSS will al
so need to support the
# selected cipher. The default AES-128-CMAC is the onl
y option that is commonly
# available in deployed devices.
#group_mgmt_cipher=AES-128-CMAC

# Association SA Query maximum timeout (in TU = 1.024
ms; for MFP)
# (maximum time to wait for a SA Query response)
# dot11AssociationSAQueryMaximumTimeout, 1...429496729
5
#assoc_sa_query_max_timeout=1000

# Association SA Query retry timeout (in TU = 1.024 ms
; for MFP)
# (time between two subsequent SA Query requests)
# dot11AssociationSAQueryRetryTimeout, 1...4294967295
#assoc_sa_query_retry_timeout=201

# disable_pmksa_caching: Disable PMKSA caching
# This parameter can be used to disable caching of PMK
SA created through EAP
# authentication. RSN preauthentication may still end
up using PMKSA caching if
# it is enabled (rsn_preauth=1).
# 0 = PMKSA caching enabled (default)
# 1 = PMKSA caching disabled
#disable_pmksa_caching=0

# okc: Opportunistic Key Caching (aka Proactive Key Ca
ching)
# Allow PMK cache to be shared opportunistically among
 configured interfaces
# and BSSes (i.e., all configurations within a single
hostapd process).
# 0 = disabled (default)
# 1 = enabled
#okc=1

# SAE threshold for anti-clogging mechanism (dot11RSNA
SAEAntiCloggingThreshold)
# This parameter defines how many open SAE instances c
an be in progress at the
# same time before the anti-clogging mechanism is take
n into use.
#sae_anti_clogging_threshold=5

# Enabled SAE finite cyclic groups
# SAE implementation are required to support group 19
(ECC group defined over a
# 256-bit prime order field). All groups that are supp
orted by the
# implementation are enabled by default. This configur
ation parameter can be
# used to specify a limited set of allowed groups. The
 group values are listed
# in the IANA registry:
# http://www.iana.org/assignments/ipsec-registry/ipsec
-registry.xml#ipsec-registry-9
#sae_groups=19 20 21 25 26

##### IEEE 802.11r configuration #####################
#########################

# Mobility Domain identifier (dot11FTMobilityDomainID,
 MDID)
# MDID is used to indicate a group of APs (within an E
SS, i.e., sharing the
# same SSID) between which a STA can use Fast BSS Tran
sition.
# 2-octet identifier as a hex string.
#mobility_domain=a1b2

# PMK-R0 Key Holder identifier (dot11FTR0KeyHolderID)
# 1 to 48 octet identifier.
# This is configured with nas_identifier (see RADIUS c
lient section above).

# Default lifetime of the PMK-RO in minutes; range 1..
65535
# (dot11FTR0KeyLifetime)
#r0_key_lifetime=10000

# PMK-R1 Key Holder identifier (dot11FTR1KeyHolderID)
# 6-octet identifier as a hex string.
#r1_key_holder=000102030405

# Reassociation deadline in time units (TUs / 1.024 ms
; range 1000..65535)
# (dot11FTReassociationDeadline)
#reassociation_deadline=1000

# List of R0KHs in the same Mobility Domain
# format: <MAC address> <NAS Identifier> <128-bit key
as hex string>
# This list is used to map R0KH-ID (NAS Identifier) to
 a destination MAC
# address when requesting PMK-R1 key from the R0KH tha
t the STA used during the
# Initial Mobility Domain Association.
#r0kh=02:01:02:03:04:05 r0kh-1.example.com 00010203040
5060708090a0b0c0d0e0f
#r0kh=02:01:02:03:04:06 r0kh-2.example.com 00112233445
566778899aabbccddeeff
# And so on.. One line per R0KH.

# List of R1KHs in the same Mobility Domain
# format: <MAC address> <R1KH-ID> <128-bit key as hex
string>
# This list is used to map R1KH-ID to a destination MA
C address when sending
# PMK-R1 key from the R0KH. This is also the list of a
uthorized R1KHs in the MD
# that can request PMK-R1 keys.
#r1kh=02:01:02:03:04:05 02:11:22:33:44:55 000102030405
060708090a0b0c0d0e0f
#r1kh=02:01:02:03:04:06 02:11:22:33:44:66 001122334455
66778899aabbccddeeff
# And so on.. One line per R1KH.

# Whether PMK-R1 push is enabled at R0KH
# 0 = do not push PMK-R1 to all configured R1KHs (defa
ult)
# 1 = push PMK-R1 to all configured R1KHs whenever a n
ew PMK-R0 is derived
#pmk_r1_push=1

##### Neighbor table #################################
#########################
# Maximum number of entries kept in AP table (either f
or neigbor table or for
# detecting Overlapping Legacy BSS Condition). The old
est entry will be
# removed when adding a new entry that would make the
list grow over this
# limit. Note! WFA certification for IEEE 802.11g requ
ires that OLBC is
# enabled, so this field should not be set to 0 when u
sing IEEE 802.11g.
# default: 255
#ap_table_max_size=255

# Number of seconds of no frames received after which
entries may be deleted
# from the AP table. Since passive scanning is not usu
ally performed frequently
# this should not be set to very small value. In addit
ion, there is no
# guarantee that every scan cycle will receive beacon
frames from the
# neighboring APs.
# default: 60
#ap_table_expiration_time=3600


##### Wi-Fi Protected Setup (WPS) ####################
#########################

# WPS state
# 0 = WPS disabled (default)
# 1 = WPS enabled, not configured
# 2 = WPS enabled, configured
#wps_state=2

# Whether to manage this interface independently from
other WPS interfaces
# By default, a single hostapd process applies WPS ope
rations to all configured
# interfaces. This parameter can be used to disable th
at behavior for a subset
# of interfaces. If this is set to non-zero for an int
erface, WPS commands
# issued on that interface do not apply to other inter
faces and WPS operations
# performed on other interfaces do not affect this int
erface.
#wps_independent=0

# AP can be configured into a locked state where new W
PS Registrar are not
# accepted, but previously authorized Registrars (incl
uding the internal one)
# can continue to add new Enrollees.
#ap_setup_locked=1

# Universally Unique IDentifier (UUID; see RFC 4122) o
f the device
# This value is used as the UUID for the internal WPS
Registrar. If the AP
# is also using UPnP, this value should be set to the
device's UPnP UUID.
# If not configured, UUID will be generated based on t
he local MAC address.
#uuid=12345678-9abc-def0-1234-56789abcdef0

# Note: If wpa_psk_file is set, WPS is used to generat
e random, per-device PSKs
# that will be appended to the wpa_psk_file. If wpa_ps
k_file is not set, the
# default PSK (wpa_psk/wpa_passphrase) will be deliver
ed to Enrollees. Use of
# per-device PSKs is recommended as the more secure op
tion (i.e., make sure to
# set wpa_psk_file when using WPS with WPA-PSK).

# When an Enrollee requests access to the network with
 PIN method, the Enrollee
# PIN will need to be entered for the Registrar. PIN r
equest notifications are
# sent to hostapd ctrl_iface monitor. In addition, the
y can be written to a
# text file that could be used, e.g., to populate the
AP administration UI with
# pending PIN requests. If the following variable is s
et, the PIN requests will
# be written to the configured file.
#wps_pin_requests=/var/run/hostapd_wps_pin_requests

# Device Name
# User-friendly description of device; up to 32 octets
 encoded in UTF-8
#device_name=Wireless AP

# Manufacturer
# The manufacturer of the device (up to 64 ASCII chara
cters)
#manufacturer=Company

# Model Name
# Model of the device (up to 32 ASCII characters)
#model_name=WAP

# Model Number
# Additional device description (up to 32 ASCII charac
ters)
#model_number=123

# Serial Number
# Serial number of the device (up to 32 characters)
#serial_number=12345

# Primary Device Type
# Used format: <categ>-<OUI>-<subcateg>
# categ = Category as an integer value
# OUI = OUI and type octet as a 4-octet hex-encoded va
lue; 0050F204 for
#       default WPS OUI
# subcateg = OUI-specific Sub Category as an integer v
alue
# Examples:
#   1-0050F204-1 (Computer / PC)
#   1-0050F204-2 (Computer / Server)
#   5-0050F204-1 (Storage / NAS)
#   6-0050F204-1 (Network Infrastructure / AP)
#device_type=6-0050F204-1

# OS Version
# 4-octet operating system version number (hex string)
#os_version=01020300

# Config Methods
# List of the supported configuration methods
# Available methods: usba ethernet label display ext_n
fc_token int_nfc_token
#       nfc_interface push_button keypad virtual_displ
ay physical_display
#       virtual_push_button physical_push_button
#config_methods=label virtual_display virtual_push_but
ton keypad

# WPS capability discovery workaround for PBC with Win
dows 7
# Windows 7 uses incorrect way of figuring out AP's WP
S capabilities by acting
# as a Registrar and using M1 from the AP. The config
methods attribute in that
# message is supposed to indicate only the configurati
on method supported by
# the AP in Enrollee role, i.e., to add an external Re
gistrar. For that case,
# PBC shall not be used and as such, the PushButton co
nfig method is removed
# from M1 by default. If pbc_in_m1=1 is included in th
e configuration file,
# the PushButton config method is left in M1 (if inclu
ded in config_methods
# parameter) to allow Windows 7 to use PBC instead of
PIN (e.g., from a label
# in the AP).
#pbc_in_m1=1

# Static access point PIN for initial configuration an
d adding Registrars
# If not set, hostapd will not allow external WPS Regi
strars to control the
# access point. The AP PIN can also be set at runtime
with hostapd_cli
# wps_ap_pin command. Use of temporary (enabled by use
r action) and random
# AP PIN is much more secure than configuring a static
 AP PIN here. As such,
# use of the ap_pin parameter is not recommended if th
e AP device has means for
# displaying a random PIN.
#ap_pin=12345670

# Skip building of automatic WPS credential
# This can be used to allow the automatically generate
d Credential attribute to
# be replaced with pre-configured Credential(s).
#skip_cred_build=1

# Additional Credential attribute(s)
# This option can be used to add pre-configured Creden
tial attributes into M8
# message when acting as a Registrar. If skip_cred_bui
ld=1, this data will also
# be able to override the Credential attribute that wo
uld have otherwise been
# automatically generated based on network configurati
on. This configuration
# option points to an external file that much contain
the WPS Credential
# attribute(s) as binary data.
#extra_cred=hostapd.cred

# Credential processing
#   0 = process received credentials internally (defau
lt)
#   1 = do not process received credentials; just pass
 them over ctrl_iface to
#       external program(s)
#   2 = process received credentials internally and pa
ss them over ctrl_iface
#       to external program(s)
# Note: With wps_cred_processing=1, skip_cred_build sh
ould be set to 1 and
# extra_cred be used to provide the Credential data fo
r Enrollees.
#
# wps_cred_processing=1 will disabled automatic update
s of hostapd.conf file
# both for Credential processing and for marking AP Se
tup Locked based on
# validation failures of AP PIN. An external program i
s responsible on updating
# the configuration appropriately in this case.
#wps_cred_processing=0

# AP Settings Attributes for M7
# By default, hostapd generates the AP Settings Attrib
utes for M7 based on the
# current configuration. It is possible to override th
is by providing a file
# with pre-configured attributes. This is similar to e
xtra_cred file format,
# but the AP Settings attributes are not encapsulated
in a Credential
# attribute.
#ap_settings=hostapd.ap_settings

# WPS UPnP interface
# If set, support for external Registrars is enabled.
#upnp_iface=br0

# Friendly Name (required for UPnP)
# Short description for end use. Should be less than 6
4 characters.
#friendly_name=WPS Access Point

# Manufacturer URL (optional for UPnP)
#manufacturer_url=http://www.example.com/

# Model Description (recommended for UPnP)
# Long description for end user. Should be less than 1
28 characters.
#model_description=Wireless Access Point

# Model URL (optional for UPnP)
#model_url=http://www.example.com/model/

# Universal Product Code (optional for UPnP)
# 12-digit, all-numeric code that identifies the consu
mer package.
#upc=123456789012

# WPS RF Bands (a = 5G, b = 2.4G, g = 2.4G, ag = dual
band)
# This value should be set according to RF band(s) sup
ported by the AP if
# hw_mode is not set. For dual band dual concurrent de
vices, this needs to be
# set to ag to allow both RF bands to be advertized.
#wps_rf_bands=ag

# NFC password token for WPS
# These parameters can be used to configure a fixed NF
C password token for the
# AP. This can be generated, e.g., with nfc_pw_token f
rom wpa_supplicant. When
# these parameters are used, the AP is assumed to be d
eployed with a NFC tag
# that includes the matching NFC password token (e.g.,
 written based on the
# NDEF record from nfc_pw_token).
#
#wps_nfc_dev_pw_id: Device Password ID (16..65535)
#wps_nfc_dh_pubkey: Hexdump of DH Public Key
#wps_nfc_dh_privkey: Hexdump of DH Private Key
#wps_nfc_dev_pw: Hexdump of Device Password

##### Wi-Fi Direct (P2P) #############################
#########################

# Enable P2P Device management
#manage_p2p=1

# Allow cross connection
#allow_cross_connection=1

#### TDLS (IEEE 802.11z-2010) ########################
#########################

# Prohibit use of TDLS in this BSS
#tdls_prohibit=1

# Prohibit use of TDLS Channel Switching in this BSS
#tdls_prohibit_chan_switch=1

##### IEEE 802.11v-2011 ##############################
#########################

# Time advertisement
# 0 = disabled (default)
# 2 = UTC time at which the TSF timer is 0
#time_advertisement=2

# Local time zone as specified in 8.3 of IEEE Std 1003
.1-2004:
# stdoffset[dst[offset][,start[/time],end[/time]]]
#time_zone=EST5

# WNM-Sleep Mode (extended sleep mode for stations)
# 0 = disabled (default)
# 1 = enabled (allow stations to use WNM-Sleep Mode)
#wnm_sleep_mode=1

# BSS Transition Management
# 0 = disabled (default)
# 1 = enabled
#bss_transition=1

##### IEEE 802.11u-2011 ##############################
#########################

# Enable Interworking service
#interworking=1

# Access Network Type
# 0 = Private network
# 1 = Private network with guest access
# 2 = Chargeable public network
# 3 = Free public network
# 4 = Personal device network
# 5 = Emergency services only network
# 14 = Test or experimental
# 15 = Wildcard
#access_network_type=0

# Whether the network provides connectivity to the Int
ernet
# 0 = Unspecified
# 1 = Network provides connectivity to the Internet
#internet=1

# Additional Step Required for Access
# Note: This is only used with open network, i.e., ASR
A shall ne set to 0 if
# RSN is used.
#asra=0

# Emergency services reachable
#esr=0

# Unauthenticated emergency service accessible
#uesa=0

# Venue Info (optional)
# The available values are defined in IEEE Std 802.11u
-2011, 7.3.1.34.
# Example values (group,type):
# 0,0 = Unspecified
# 1,7 = Convention Center
# 1,13 = Coffee Shop
# 2,0 = Unspecified Business
# 7,1  Private Residence
#venue_group=7
#venue_type=1

# Homogeneous ESS identifier (optional; dot11HESSID)
# If set, this shall be identifical to one of the BSSI
Ds in the homogeneous
# ESS and this shall be set to the same value across a
ll BSSs in homogeneous
# ESS.
#hessid=02:03:04:05:06:07

# Roaming Consortium List
# Arbitrary number of Roaming Consortium OIs can be co
nfigured with each line
# adding a new OI to the list. The first three entries
 are available through
# Beacon and Probe Response frames. Any additional ent
ry will be available only
# through ANQP queries. Each OI is between 3 and 15 oc
tets and is configured as
# a hexstring.
#roaming_consortium=021122
#roaming_consortium=2233445566

# Venue Name information
# This parameter can be used to configure one or more
Venue Name Duples for
# Venue Name ANQP information. Each entry has a two or
 three character language
# code (ISO-639) separated by colon from the venue nam
e string.
# Note that venue_group and venue_type have to be set
for Venue Name
# information to be complete.
#venue_name=eng:Example venue
#venue_name=fin:Esimerkkipaikka
# Alternative format for language:value strings:
# (double quoted string, printf-escaped string)
#venue_name=P"eng:Example\nvenue"

# Network Authentication Type
# This parameter indicates what type of network authen
tication is used in the
# network.
# format: <network auth type indicator (1-octet hex st
r)> [redirect URL]
# Network Authentication Type Indicator values:
# 00 = Acceptance of terms and conditions
# 01 = On-line enrollment supported
# 02 = http/https redirection
# 03 = DNS redirection
#network_auth_type=00
#network_auth_type=02http://www.example.com/redirect/m
e/here/

# IP Address Type Availability
# format: <1-octet encoded value as hex str>
# (ipv4_type & 0x3f) << 2 | (ipv6_type & 0x3)
# ipv4_type:
# 0 = Address type not available
# 1 = Public IPv4 address available
# 2 = Port-restricted IPv4 address available
# 3 = Single NATed private IPv4 address available
# 4 = Double NATed private IPv4 address available
# 5 = Port-restricted IPv4 address and single NATed IP
v4 address available
# 6 = Port-restricted IPv4 address and double NATed IP
v4 address available
# 7 = Availability of the address type is not known
# ipv6_type:
# 0 = Address type not available
# 1 = Address type available
# 2 = Availability of the address type not known
#ipaddr_type_availability=14

# Domain Name
# format: <variable-octet str>[,<variable-octet str>]
#domain_name=example.com,another.example.com,yet-anoth
er.example.com

# 3GPP Cellular Network information
# format: <MCC1,MNC1>[;<MCC2,MNC2>][;...]
#anqp_3gpp_cell_net=244,91;310,026;234,56

# NAI Realm information
# One or more realm can be advertised. Each nai_realm
line adds a new realm to
# the set. These parameters provide information for st
ations using Interworking
# network selection to allow automatic connection to a
 network based on
# credentials.
# format: <encoding>,<NAI Realm(s)>[,<EAP Method 1>][,
<EAP Method 2>][,...]
# encoding:
#       0 = Realm formatted in accordance with IETF RF
C 4282
#       1 = UTF-8 formatted character string that is n
ot formatted in
#           accordance with IETF RFC 4282
# NAI Realm(s): Semi-colon delimited NAI Realm(s)
# EAP Method: <EAP Method>[:<[AuthParam1:Val1]>][<[Aut
hParam2:Val2]>][...]
# EAP Method types, see:
# http://www.iana.org/assignments/eap-numbers/eap-numb
ers.xhtml#eap-numbers-4
# AuthParam (Table 8-188 in IEEE Std 802.11-2012):
# ID 2 = Non-EAP Inner Authentication Type
#       1 = PAP, 2 = CHAP, 3 = MSCHAP, 4 = MSCHAPV2
# ID 3 = Inner authentication EAP Method Type
# ID 5 = Credential Type
#       1 = SIM, 2 = USIM, 3 = NFC Secure Element, 4 =
 Hardware Token,
#       5 = Softoken, 6 = Certificate, 7 = username/pa
ssword, 9 = Anonymous,
#       10 = Vendor Specific
#nai_realm=0,example.com;example.net
# EAP methods EAP-TLS with certificate and EAP-TTLS/MS
CHAPv2 with
# username/password
#nai_realm=0,example.org,13[5:6],21[2:4][5:7]

# QoS Map Set configuration
#
# Comma delimited QoS Map Set in decimal values
# (see IEEE Std 802.11-2012, 8.4.2.97)
#
# format:
# [<DSCP Exceptions[DSCP,UP]>,]<UP 0 range[low,high]>,
...<UP 7 range[low,high]>
#
# There can be up to 21 optional DSCP Exceptions which
 are pairs of DSCP Value
# (0..63 or 255) and User Priority (0..7). This is fol
lowed by eight DSCP Range
# descriptions with DSCP Low Value and DSCP High Value
 pairs (0..63 or 255) for
# each UP starting from 0. If both low and high value
are set to 255, the
# corresponding UP is not used.
#
# default: not set
#qos_map_set=53,2,22,6,8,15,0,7,255,255,16,31,32,39,25
5,255,40,47,255,255

##### Hotspot 2.0 ####################################
#########################

# Enable Hotspot 2.0 support
#hs20=1

# Disable Downstream Group-Addressed Forwarding (DGAF)
# This can be used to configure a network where no gro
up-addressed frames are
# allowed. The AP will not forward any group-address f
rames to the stations and
# random GTKs are issued for each station to prevent a
ssociated stations from
# forging such frames to other stations in the BSS.
#disable_dgaf=1

# OSU Server-Only Authenticated L2 Encryption Network
#osen=1

# ANQP Domain ID (0..65535)
# An identifier for a set of APs in an ESS that share
the same common ANQP
# information. 0 = Some of the ANQP information is uni
que to this AP (default).
#anqp_domain_id=1234

# Deauthentication request timeout
# If the RADIUS server indicates that the station is n
ot allowed to connect to
# the BSS/ESS, the AP can allow the station some time
to download a
# notification page (URL included in the message). Thi
s parameter sets that
# timeout in seconds.
#hs20_deauth_req_timeout=60

# Operator Friendly Name
# This parameter can be used to configure one or more
Operator Friendly Name
# Duples. Each entry has a two or three character lang
uage code (ISO-639)
# separated by colon from the operator friendly name s
tring.
#hs20_oper_friendly_name=eng:Example operator
#hs20_oper_friendly_name=fin:Esimerkkioperaattori

# Connection Capability
# This can be used to advertise what type of IP traffi
c can be sent through the
# hotspot (e.g., due to firewall allowing/blocking pro
tocols/ports).
# format: <IP Protocol>:<Port Number>:<Status>
# IP Protocol: 1 = ICMP, 6 = TCP, 17 = UDP
# Port Number: 0..65535
# Status: 0 = Closed, 1 = Open, 2 = Unknown
# Each hs20_conn_capab line is added to the list of ad
vertised tuples.
#hs20_conn_capab=1:0:2
#hs20_conn_capab=6:22:1
#hs20_conn_capab=17:5060:0

# WAN Metrics
# format: <WAN Info>:<DL Speed>:<UL Speed>:<DL Load>:<
UL Load>:<LMD>
# WAN Info: B0-B1: Link Status, B2: Symmetric Link, B3
: At Capabity
#    (encoded as two hex digits)
#    Link Status: 1 = Link up, 2 = Link down, 3 = Link
 in test state
# Downlink Speed: Estimate of WAN backhaul link curren
t downlink speed in kbps;
#       1..4294967295; 0 = unknown
# Uplink Speed: Estimate of WAN backhaul link current
uplink speed in kbps
#       1..4294967295; 0 = unknown
# Downlink Load: Current load of downlink WAN connecti
on (scaled to 255 = 100%)
# Uplink Load: Current load of uplink WAN connection (
scaled to 255 = 100%)
# Load Measurement Duration: Duration for measuring do
wnlink/uplink load in
# tenths of a second (1..65535); 0 if load cannot be d
etermined
#hs20_wan_metrics=01:8000:1000:80:240:3000

# Operating Class Indication
# List of operating classes the BSSes in this ESS use.
 The Global operating
# classes in Table E-4 of IEEE Std 802.11-2012 Annex E
 define the values that
# can be used in this.
# format: hexdump of operating class octets
# for example, operating classes 81 (2.4 GHz channels
1-13) and 115 (5 GHz
# channels 36-48):
#hs20_operating_class=5173

# OSU icons
# <Icon Width>:<Icon Height>:<Language code>:<Icon Typ
e>:<Name>:<file path>
#hs20_icon=32:32:eng:image/png:icon32:/tmp/icon32.png
#hs20_icon=64:64:eng:image/png:icon64:/tmp/icon64.png

# OSU SSID (see ssid2 for format description)
# This is the SSID used for all OSU connections to all
 the listed OSU Providers.
#osu_ssid="example"

# OSU Providers
# One or more sets of following parameter. Each OSU pr
ovider is started by the
# mandatory osu_server_uri item. The other parameters
add information for the
# last added OSU provider.
#
#osu_server_uri=https://example.com/osu/
#osu_friendly_name=eng:Example operator
#osu_friendly_name=fin:Esimerkkipalveluntarjoaja
#osu_nai=anonymous@example.com
#osu_method_list=1 0
#osu_icon=icon32
#osu_icon=icon64
#osu_service_desc=eng:Example services
#osu_service_desc=fin:Esimerkkipalveluja
#
#osu_server_uri=...

##### TESTING OPTIONS ################################
#########################
#
# The options in this section are only available when
the build configuration
# option CONFIG_TESTING_OPTIONS is set while compiling
 hostapd. They allow
# testing some scenarios that are otherwise difficult
to reproduce.
#
# Ignore probe requests sent to hostapd with the given
 probability, must be a
# floating point number in the range [0, 1).
#ignore_probe_probability=0.0
#
# Ignore authentication frames with the given probabil
ity
#ignore_auth_probability=0.0
#
# Ignore association requests with the given probabili
ty
#ignore_assoc_probability=0.0
#
# Ignore reassociation requests with the given probabi
lity
#ignore_reassoc_probability=0.0
#
# Corrupt Key MIC in GTK rekey EAPOL-Key frames with t
he given probability
#corrupt_gtk_rekey_mic_probability=0.0

##### Multiple BSSID support #########################
#########################
#
# Above configuration is using the default interface (
wlan#, or multi-SSID VLAN
# interfaces). Other BSSIDs can be added by using sepa
rator 'bss' with
# default interface name to be allocated for the data
packets of the new BSS.
#
# hostapd will generate BSSID mask based on the BSSIDs
 that are
# configured. hostapd will verify that dev_addr & MASK
 == dev_addr. If this is
# not the case, the MAC address of the radio must be c
hanged before starting
# hostapd (ifconfig wlan0 hw ether <MAC addr>). If a B
SSID is configured for
# every secondary BSS, this limitation is not applied
at hostapd and other
# masks may be used if the driver supports them (e.g.,
 swap the locally
# administered bit)
#
# BSSIDs are assigned in order to each BSS, unless an
explicit BSSID is
# specified using the 'bssid' parameter.
# If an explicit BSSID is specified, it must be chosen
 such that it:
# - results in a valid MASK that covers it and the dev
_addr
# - is not the same as the MAC address of the radio
# - is not the same as any other explicitly specified
BSSID
#
# Not all drivers support multiple BSSes. The exact me
chanism for determining
# the driver capabilities is driver specific. With the
 current (i.e., a recent
# kernel) drivers using nl80211, this information can
be checked with "iw list"
# (search for "valid interface combinations").
#
# Please note that hostapd uses some of the values con
figured for the first BSS
# as the defaults for the following BSSes. However, it
 is recommended that all
# BSSes include explicit configuration of all relevant
 configuration items.
#
#bss=wlan0_0
#ssid=test2
# most of the above items can be used here (apart from
 radio interface specific
# items, like channel)

#bss=wlan0_1
#bssid=00:13:10:95:fe:0b
# ...
root@raspberrypi:/home/pi# cat /etc/dhcp/dhcpd.conf
# If this DHCP server is the official DHCP server for
the local
# network, the authoritative directive should be uncom
mented.
authoritative;

# No service will be given on this subnet, but declari
ng it helps the
# DHCP server to understand the network topology.

subnet 192.168.3.0 netmask 255.255.255.0 {
 range 192.168.3.2 192.168.3.30;
 option broadcast-address 192.168.255.255;
 option routers 192.168.3.1;
 option domain-name-servers 10.8.0.1;
}
root@raspberrypi:/home/pi#