hostapd + dhcpd (+ FreeRADIUS?) and two different kinds of clients

Lev Serebryakov lev at
Tue Sep 12 13:46:21 EDT 2006

Hello hostap,

  Now I have a simple WPA2 EAP-TLS-only configuration and it works perfectly. But I need to add the ability to `plug' in some temporary clients with restricted access fast (without issuing certificates).

  I see something like this scheme:
 A FreeBSD host-based AP (with help from hostapd, of course) with TWO modes of authorization, working at the same time:
  (1) WPA2 EAP-TLS
  (2) WPA2-PSK

 The client, after authorization, gets a dynamic IP, and the firewall is updated with this IP _AND_ the client MAC (it can be done with a script plugged into isc-dhcpd). IPs should be from different networks for trusted and untrusted clients. The DHCP lease should be forced to expire (and the firewall updated as a result, but that is not a problem, of course, as soon as dhcpd is informed) when the client is deauthorized in terms of WPA2 or after a timeout.

  It seems that I need some interoperability between hostapd and dhcpd (maybe with help of FreeRADIUS). Is it possible?

  Or maybe there is a better solution?
  Or maybe there is a better list for this question?

