Re: Multi-PSK on Hostapd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Conor,

keyid= can be used to identify which passphrase a client used. This in
turn can be used to apply selective firewalling rules if so desired.
vlan= filtering/assignment isn't necessarily what you want, or what
you can do, depending on your system and requirements.

Editing the psk file itself does not do anything. If you want to
reload it you can run `hostapd_cli -i wlanX reload_wpa_psk`. It
re-reads and re-applies psk file data only. If a client was connected
with a passphrase that no longer exists in the psk file, it will be
disconnected. Otherwise the client will be left connected.

Not sure what you mean by automating it across 100s of APs though.


Michal

On Tue, 27 Jul 2021 at 16:40, Colton Conor <colton.conor@xxxxxxxxx> wrote:
>
> I am trying to figure out the proper way to have multiple PSKs on a
> single SSID. Each passphrase will be used by multiple users, and each
> passphrase will be tied to a VLAN.
>
> Reading https://w1.fi/cgit/hostap/tree/hostapd/hostapd.wpa_psk, it
> seems the proper way to do this would be:
>
> vlanid=10 00:00:00:00:00:00 passphrase1
> vlanid=11 00:00:00:00:00:00 passphrase2
>
> My question is:
> What is the keyid= used for typically?
> Is there a way to add/remove keys using radius instead of manually
> editing the hostapd.wpa_psk each time?
> Does editing the hostapd.wpa_psk kick existing users offline if you
> have to reload / save the file?
> How would you automate this across 100's of APs at a property?
>
> _______________________________________________
> Hostap mailing list
> Hostap@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/hostap

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux