Hotspot 2.0 (802.11u) with hostapd/wpa_supplicant

Jouni Malinen j at
Thu Feb 13 08:34:37 EST 2014

On Mon, Feb 10, 2014 at 10:54:20PM -0000, James Wood wrote:
> We traditionally use an open network with a captive portal authentication
> page, and are looking to take advantage of Hotspot 2.0 whilst still
> requiring the user to be redirected to our captive portal/login page.

That is not Hotspot 2.0, but yes, you can advertise such captive portal
requirement through the Interworking (IEEE 802.11u) parameters that
Hotspot 2.0 is using as well.

> Am I right in thinking the below should suffice? Am I missing anything, or
> is any of this not required? Also, where does wpa_supplication fit in?

In practice, I would not expect any station to do much with the network
type advertisement, but it is a valid use of IEEE 802.11u.
wpa_supplicant does not really use it. If you want to use Hotspot 2.0,
that would require WPA2-Enterprise configuration as was pointed out.

> Finally, a generic question (I've been reading up about Hostspot 2.0 in
> general but still not perfectly clear) is that how does authentication (ie
> EAP-TTLS) take place before the user even connects to the AP and we
> authenticate them via the captive portal page?

Depends on what you mean with "before connects".. Hotspot 2.0 uses
WPA2-Enterprise for authentication and that goes through the
authentication step between association and data connection being
enabled. You could have a captive portal in addition to this, but I'd
expect (and hope..) most Hotspot 2.0 uses not to use captive portals
(which I see as a major annoyance for the connection).

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list