openwrt/package/network/services/hostapd/files
Bernd Naumann 98d91e4d5e hostapd: Radius based VLANs on AP with PSK
This patch allows the user to set `auth_server` and related settings on
non WPA2 Enterprise AP modes in `/etc/config/wireless`, too, so the
Radius Attributes for Dynamic VLAN Assignment can be fetched from Radius.

Without this patch, `auth_server` and other needed options are only
written to `hostapd-phy<n>.conf` when `option encryption wpa2` is set.

`hostapd` however supports "Station MAC address -based authentication" for
non WPA Enterprise Modes, too.

A classic approch is to use `accept_mac_file` which contains MAC addr
and VLAN-ID pairs. But, using `accept_mac_file` does not support
VLAN assignment for unknown stations.

This is a sample `freeradius3` config, where a known station
("7e:a6:a7:2a:93:d2") is assigned to VLAN `65` and unknown stations are
assigned to VLAN `67`.

```
"7ea6a72a93d2" Cleartext-Password := "7ea6a72a93d2"
        Tunnel-Type = "VLAN",
        Tunnel-Medium-Type = "IEEE-802",
        Tunnel-Private-Group-Id = 65

DEFAULT Cleartext-Password := "%{User-Name}"
        Tunnel-Type = "VLAN",
        Tunnel-Medium-Type = "IEEE-802",
        Tunnel-Private-Group-Id = 67
```

Other option is to configure known stations via `accept_mac_file` and
using only Radius for unknown stations.

I tested this patch only with `wpa_key_mgmt=WPA-PSK`, and assumed that
it should work with other Encryption/Access Mode, too.

Signed-off-by: Bernd Naumann <bernd.naumann@kr217.de>
2022-06-08 16:04:04 +02:00
..
dhcp-get-server.sh hostapd: add support for specifying the FILS DHCP server 2021-12-10 11:33:49 +01:00
hostapd-basic.config hostapd: enable proxy-arp support for hostapd-full 2021-08-28 01:31:15 +02:00
hostapd-full.config hostapd: enable FILS support in the full config and add build feature discovery 2021-12-10 11:33:49 +01:00
hostapd-mini.config hostapd: enable proxy-arp support for hostapd-full 2021-08-28 01:31:15 +02:00
hostapd.sh hostapd: Radius based VLANs on AP with PSK 2022-06-08 16:04:04 +02:00
multicall.c packages: sort network related packages into package/network/ 2012-10-10 12:32:29 +00:00
wpa_supplicant-basic.config hostapd: enable the epoll-based event loop 2020-11-23 03:02:21 +00:00
wpa_supplicant-full.config hostapd: enable FILS support in the full config and add build feature discovery 2021-12-10 11:33:49 +01:00
wpa_supplicant-mini.config hostapd: enable the epoll-based event loop 2020-11-23 03:02:21 +00:00
wpa_supplicant-p2p.config hostapd: enable FILS support in the full config and add build feature discovery 2021-12-10 11:33:49 +01:00
wpad_acl.json hostapd: run as user 'network' if procd-ujail is installed 2021-01-14 00:52:50 +00:00
wpad.init hostapd: run as user 'network' if procd-ujail is installed 2021-01-14 00:52:50 +00:00
wpad.json hostapd: run as user 'network' if procd-ujail is installed 2021-01-14 00:52:50 +00:00
wps-hotplug.sh hostapd: add fallback for WPS on stations 2021-12-27 16:32:02 +00:00