services.hostapd.radios.<name>.networks.<name>.authentication.mode

Selects the authentication mode for this AP.

• "none": Don't configure any authentication. This will disable wpa alltogether and create an open AP. Use settings together with this option if you want to configure the authentication manually. Any password options will still be effective, if set.
• "wpa2-sha1": Not recommended. WPA2-Personal using HMAC-SHA1. Passwords are set using wpaPassword or preferably by wpaPasswordFile or wpaPskFile.
• "wpa2-sha256": WPA2-Personal using HMAC-SHA256 (IEEE 802.11i/RSN). Passwords are set using wpaPassword or preferably by wpaPasswordFile or wpaPskFile.
• "wpa3-sae-transition": Use WPA3-Personal (SAE) if possible, otherwise fallback to WPA2-SHA256. Only use if necessary and switch to the newer WPA3-SAE when possible. You will have to specify both wpaPassword and saePasswords (or one of their alternatives).
• "wpa3-sae": Use WPA3-Personal (SAE). This is currently the recommended way to setup a secured WiFi AP (as of March 2023) and therefore the default. Passwords are set using either saePasswords or saePasswordsFile.

Type

one of "none", "wpa2-sha1", "wpa2-sha256", "wpa3-sae-transition", "wpa3-sae"

Default

"wpa3-sae"

Declared

<nixpkgs/nixos/modules/services/networking/hostapd.nix>