wpasupplicant and multiple/hidden SSIDs

Dave Hansen dave at sr71.net
Fri Dec 7 13:47:38 EST 2007

I have a particularly nasty set of access points at work.  I think it's
all intentional, but it causes pains for wpasupplicant.  The APs
advertise an unencrypted "COMPANYVISITOR" network, but are also capable
of WPA when you associate with the "COMPANY" SSID.  Also, I do not think
they start to advertise WPA/RSN IE in their beacon frame until after you
explicitly set the SSID.  The only reason I know this is that
wpasupplicant wouldn't try to associate with them using my wpa-enabled
config entry even when I tried to force it.

ap_scan=2 works just fine for these.  But, I'd also like to use the
same .conf file at home and I'd prefer not to fiddle with it whenever I
move back and forth.  ap_scan=2 sadly won't search for multiple SSIDs:
it simply uses the first one.

I've hacked a little "scan_ssid=2" option into my version of
wpasupplicant, but I've now realized that I hacked it in pretty badly.

Would adding something like 'advertised_ssid="VISITOR"' option be useful
functionality to anyone else?  It would separate the SSID for which we
scan from the one with which we actually try to associate.  

Any ideas on how to solve this nicely?  Could we have ap_scan=2 timeout
after it fails to authenticate?  Or, have a select set of SSIDs that get
ap_scan=2 behavior while not extending it to all SSIDs?

-- Dave

More information about the HostAP mailing list