Can hostap&madwifi support several bcast keys of one AP?

Jouni Malinen j at w1.fi
Fri Sep 26 09:48:15 EDT 2008


On Fri, Sep 19, 2008 at 01:47:14PM +0800, 王�h wrote:

> I deployed hostap and madwifi on my wireless network.
> And there are 2 questions i am confused:
> 1.Can AP or VAP(both with only one ssid) have serveral
> broadcast domain, and each domains are encrypted by
> different bcast keys?

In theory, yes.

> If hostap does, can madwifi support this?

hostapd has support for this with the dynamic VLAN features (VLAN
allocation based on either RADIUS server data or local configuration per
MAC address). However, I do not think that madwifi supports this. The
VLAN concept (multiple SSIDs/broadcast domains per BSS) is only
supported with mac80211-based drivers at this point (e.g., ath9k and
hopefully soon with ath5k) and even with that, at least a minimal patch
to enable AP mode in the kernel code is still needed since this is still
disabled in the mainline Linux kernel.

> 2.I read the hostap's source and find function:
> ap_sta_bind_vlan.
> The funcions: vlan_setup_encryption_dyn and 
> wpa_auth_sta_set_vlan are able to set different keys
> to different vlans?

Yes.

> If 1 and 2 are realized by hostap, does this function
> (different bcast domian or vlan has differnet b cast
> keys) have to be connected with radius auth?

This used to be available only with RADIUS server reporting the selected
VLAN ID with Tunnel-Private-Group-ID attribute. However, it is now
(starting with v0.6.5) possible to configure this locally with the
accept_mac_file data.

> Should i call the function "ap_sta_bind_vlan" 
> somewhere instead of configuration radius server?

That is already taken care of for you in the current development branch
assuming you would be doing VLAN assignment based on local
accept_mac_file configuration.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list