Hi Conor, keyid= can be used to identify which passphrase a client used. This in turn can be used to apply selective firewalling rules if so desired. vlan= filtering/assignment isn't necessarily what you want, or what you can do, depending on your system and requirements. Editing the psk file itself does not do anything. If you want to reload it you can run `hostapd_cli -i wlanX reload_wpa_psk`. It re-reads and re-applies psk file data only. If a client was connected with a passphrase that no longer exists in the psk file, it will be disconnected. Otherwise the client will be left connected. Not sure what you mean by automating it across 100s of APs though. Michal On Tue, 27 Jul 2021 at 16:40, Colton Conor <colton.conor@xxxxxxxxx> wrote: > > I am trying to figure out the proper way to have multiple PSKs on a > single SSID. Each passphrase will be used by multiple users, and each > passphrase will be tied to a VLAN. > > Reading https://w1.fi/cgit/hostap/tree/hostapd/hostapd.wpa_psk, it > seems the proper way to do this would be: > > vlanid=10 00:00:00:00:00:00 passphrase1 > vlanid=11 00:00:00:00:00:00 passphrase2 > > My question is: > What is the keyid= used for typically? > Is there a way to add/remove keys using radius instead of manually > editing the hostapd.wpa_psk each time? > Does editing the hostapd.wpa_psk kick existing users offline if you > have to reload / save the file? > How would you automate this across 100's of APs at a property? > > _______________________________________________ > Hostap mailing list > Hostap@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/hostap _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
