[PATCH 4/4] implement secondary SSID capability

M. Braun michael-dev at fami-braun.de
Mon Apr 27 12:13:51 EDT 2015


> Sure, but multi-BSS is limited by the hardware capabilities - and of course
> I was only building on the stubs present :-)

Thinking of yet another use case.

I'm running a WPA-PSK network with serveral users and serveral APs. PSK
is fetched by the APs using RADIUS; PSK was choosen for simplicity and
as users do not need to install a ca cert to prevent MITM.

Now there are several groups of users. The groups define the set of
permissable APs for the users to connect to and the RADIUS server to
query. Right now, this is implemented using multiple BSS and ESS, so the
user devices do not try to roam to an AP that would reject them and to
select the appropiate RADIUS server.
As the number of groups increased, I hit the multi-BSS limit of ath9k.
It happens earlier when also providing WPA-EAP and open networks
per-group for $reasons ;) So I patched ath9k, but this does not work
with all drivers and has some drawbacks. Additionally, multi-BSS isn't
always needed - for example because users get assigned to AP_VLANs
anyway and the group (SSID) the user belongs to doesn't say anything
about the VLAN assigned or because the different groups don't need to be
isolated.

With multi-SSID per BSS, the driver limit would not be hit. Without
VLANs, all users would share the BSS so TLDS would just work.
To get this working with on top of this patchset, the cache in
ieee802_11_auth.c would need to become per-SSID (in addition to
per-BSS), SSID would be needed in Access-Request and beaconing would be
needed. So I think this framekwork could be useful.

Regards,
 M. Braun


More information about the HostAP mailing list