Does 802.11u require 802.1x?

Ben Greear greearb at candelatech.com
Sat Aug 31 11:58:10 EDT 2013 

On 08/31/2013 01:17 AM, Jouni Malinen wrote:
> On Wed, Aug 28, 2013 at 07:22:59AM -0700, Ben Greear wrote:
>> I'm mainly trying to wrap my head around it well enough to support
>> 802.11u and hotspot 2.0 for testing third-party equipment.  I'd like
>> to support whatever feature set hostapd and supplicant support, and
>> if that is not enough for my customers, then I'll try to implement
>> the parts that are not currently there...
>
> I'd assume you would then be interested in Hotspot 2.0 rather than IEEE
> 802.11u, since in practice, Hotspot 2.0 functionality (which includes a
> subset of 802.11u) is what will be much more likely to be deployed than
> all of IEEE 802.11u.

I did successfully test using HS20 on supplicant and hostapd, with hostapd
using 802.1x EAP and radius on the back end.

I left SSID set to "" on supplicant, and after scanning it then went and did
interworking/HS20 stuff and chose the proper AP based on
the realm/domain....


Here are my config files it case it helps someone else...

hostapd config file:

interface=vap0
driver=nl80211
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
dump_file=/home/lanforge/wifi/hostapd_vap0.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=ben-138
bssid=80:01:02:03:04:05
country_code=US
ieee80211d=0
hw_mode=a
ieee80211n=1
channel=36
beacon_int=240
dtim_period=2
max_num_sta=2007
rts_threshold=2347
fragm_threshold=2346
preamble=0
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=0
# Enable HT modes if you want 300Mbps+ throughput.
#ht_capab=[HT20][HT40-][HT40+][GF][SHORT-GI-20][SHORT-GI-40]
#         [TX-STBC][RX-STBC123][MAX-AMSDU-7935][DSSS_CCK-40][PSMP][LSIG-TXOP-PROT]
ht_capab=[HT20][HT40+][SHORT-GI-40][SHORT-GI-20]
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
ieee8021x=1
own_ip_addr=10.97.1.1
auth_server_addr=192.168.100.119
auth_server_port=1812
auth_server_shared_secret=lanforge
wpa=2
wpa_pairwise=TKIP CCMP
wpa_key_mgmt=WPA-EAP

# 802.11u configuration
interworking=1
access_network_type=4
internet=1
asra=1
esr=1
uesa=1
venue_group=2
venue_type=1
hessid=00:00:00:00:00:01
roaming_consortium=01010101
venue_name=eng:LANforge Test Venue
network_auth_type=00
ipaddr_type_availability=04
domain_name=lanforge.org
anqp_3gpp_cell_net=244,91;310,026;234,56
nai_realm=0,lanforge.org,13[5:6],21[2:4][5:7]

# HotSpot 2.0 configuration
hs20=1
hs20_oper_friendly_name=eng:LANforge HotSpot 2.0
hs20_wan_metrics=01:8000:1000:80:240:3000
hs20_operating_class=5173

# Error emulation settings.
ignore_probe_probability=0.000000
ignore_auth_probability=0.000000
ignore_assoc_probability=0.000000
ignore_reassoc_probability=0.000000
corrupt_gtk_rekey_mic_probability=0.000000



and supplicant below...  Some of the stuff at the top is only supported by some patches
I carry in my hostapd tree...so just comment out anything that supplicant
doesn't know about:

ctrl_interface=/var/run/wpa_supplicant
fast_reauth=1
can_scan_one=1
min_scan_gap=5

# 802.11u / Interworking configuration.
interworking=1
hessid=00:00:00:00:00:01
auto_interworking=1
access_network_type=0

# HotSpot 2.0 configuration
hs20=1

bss_max_count=2000
network={
     ssid=""
     disable_ht=0
     disable_ht40=0
     disable_sgi=0
     ht_mcs=""
     disable_max_amsdu=-1
     ampdu_factor=-1
     ampdu_density=-1
     proto=RSN
     key_mgmt=WPA-PSK WPA-EAP
     #psk="ben-138-pwd"
     psk=d1c4742edd0347af96169f0b16605b5c5fd95ec82bfdc166bfcb53217cc26aa8
     eap=TLS
     pairwise=CCMP TKIP
     group=CCMP TKIP WEP104 WEP40
     identity="client"
     password="lanforge"
     ca_cert="/home/lanforge/ca.pem"
     private_key="/home/lanforge/client.p12"
     private_key_passwd="lanforge"

}

cred={
     username="client"
     password="lanforge"
     ca_cert="/home/lanforge/ca.pem"
     private_key="/home/lanforge/client.p12"
     private_key_passwd="lanforge"
     realm="lanforge.org"
     domain="lanforge.org"
     eap=TLS

}

-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com

More information about the HostAP mailing list