Hamnet Hotspots

The goal of Hamnet hotspots is to provide fellow amateur radio operators with simple, easy, secure connectivity to local (and/or global) Hamnet resources through unlicensed Wi-Fi networks. The access radio is to be operated within the rules of FCC Part 15, but it grants access to Part 97 resources.

To ensure inter-operation:

  • The SSID of Hamnet hotspots SHALL be set to Hamnet.
  • Security SHALL be set to WPA2-Enterprise, or to WPA3-Enterprise with backwards compatibility with WPA2-Enterprise.
  • When possible, the beacon interval SHOULD be set to 100ms, and DTIM SHOULD be set to 3.

FreeRADIUS

Generic Realm

The generic (or null) realm is used to accept ham connections using their APRS-IS credentials.

You can rely on rlm_aprsis to do this.

Note: APRS-IS is a basic mechanism that doesn't provide reliable authentication. You shouldn't rely on it for privileged access to resources (Internet access).

Membership realm

If members of an amateur radio association/club are to be granted access to the Internet, you can delegate the authentication to a third party RADIUS server hosted by them.

To tell apart registered members and generic hams, you can use a UAM/Captive Portal solution to filter access to restricted services.

CoovaChilli (UAM)

Example config

TODO

List of open services

If you choose to provide restricted unauthenticated online access, you should grant access to the following list of services:

  • *.ampr.org ⇒ Domain name for Hamnet resources
  • 44.0.0.0/9,44.128.0.0/10 ⇒ Network scope for Hamnet
  • winlink.org, server.winlink.org, webmail.winlink.org ⇒ Access to the WL2K network

Additionally, you should also serve your local resources in a subdomain such as “.hnet.yourdomain.org”, so that your services stay reachable should your connectivity to ampr.org be disrupted.
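The open-service list above can be checked mechanically before it goes into a walled garden. The following is an added example, not part of the original page or of any Hamnet tooling: it tests destinations against the list and shows the boundary and look-alike cases that an over-broad rule would let through. The function names and sample destinations are constructed for illustration, and it assumes the wildcard covers subdomains of ampr.org only.

```python
import ipaddress

# Allow-list copied from the "List of open services" section.
OPEN_NETS = [ipaddress.ip_network(n) for n in ("44.0.0.0/9", "44.128.0.0/10")]
OPEN_SUFFIXES = ("ampr.org",)  # from *.ampr.org
OPEN_HOSTS = {"winlink.org", "server.winlink.org", "webmail.winlink.org"}


def is_open_destination(dest: str) -> bool:
    """True if dest (IP literal or hostname) is on the open-service list."""
    dest = dest.strip().rstrip(".").lower()
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        addr = None
    if addr is not None:
        # IPv6 literals never match: the list only defines IPv4 scopes.
        return any(addr in net for net in OPEN_NETS)
    if dest in OPEN_HOSTS:
        return True
    # Assumption: the wildcard covers subdomains only, not bare ampr.org.
    # Matching on ".ampr.org" keeps look-alikes such as "evilampr.org" out.
    return any(dest.endswith("." + s) for s in OPEN_SUFFIXES)


def audit(destinations):
    """Return the destinations a walled garden must NOT pass unauthenticated."""
    return [d for d in destinations if not is_open_destination(d)]


# Constructed sample destinations (not taken from any real log).
SAMPLE = [
    "44.127.255.255",        # last address of 44.0.0.0/9
    "44.191.255.255",        # last address of 44.128.0.0/10
    "44.192.0.1",            # just past the listed scope
    "gw.ampr.org",
    "evilampr.org",
    "ampr.org.example.net",
    "Webmail.Winlink.Org.",
    "other.winlink.org",     # winlink.org subdomain that is not listed
]

if __name__ == "__main__":
    for d in audit(SAMPLE):
        print("restricted:", d)
```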

Well-known local services

Below, you'll find a list of “well-known” DNS records that you SHOULD set up if you're providing one of those services (to allow automatic discovery).

  • __aprs.__tcp.lan ⇒ APRS message server (may be connected to the APRS Tier 2 network).
  • __irc.__tcp.lan ⇒ Instant messaging server (may be connected to other networks).
  • __dextra.__udp.lan ⇒ DPlus local DSTAR reflector
  • __dplus.__udp.lan ⇒ DExtra local DSTAR reflector

On top of that, your DNS server should reply with your NTP server(s) when queried for *.pool.ntp.org.

hamnet_portal.txt · Last modified: 2021/11/24 14:20 by root
