authorJouni Malinen <jouni@codeaurora.org>2019-02-14 11:34:33 (GMT)
committerJouni Malinen <j@w1.fi>2019-02-14 11:36:54 (GMT)
commitdbfa691df4dcdcd62840f80016d09ddac6dbfd2c (patch)
tree26a540175f0580e78bdb10ea8563be327510aebe /hostapd
parentdd2aedeb55adcc2db9bd398f1c0e9fb4771f20a4 (diff)
VLAN assignment based on used WPA/WPA2 passphrase/PSK
Extend wpa_psk_file to allow an optional VLAN ID to be specified with "vlanid=<VLAN ID>" prefix on the line. If VLAN ID is specified and the particular wpa_psk_file entry is used for a station, that station is bound to the specified VLAN. This can be used to operate a single WPA2-Personal BSS with multiple VLANs based on the used passphrase/PSK. This is similar to the WPA2-Enterprise case where the RADIUS server can assign stations to different VLANs. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'hostapd')
2 files changed, 5 insertions, 0 deletions
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index ab37f03..f3584c5 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1174,6 +1174,8 @@ own_ip_addr=
# Tunnel-Medium-Type (value 6 = IEEE 802), Tunnel-Private-Group-ID (value
# VLANID as a string). Optionally, the local MAC ACL list (accept_mac_file) can
# be used to set static client MAC address to VLAN ID mapping.
+# Dynamic VLAN mode is also used with VLAN ID assignment based on WPA/WPA2
+# passphrase from wpa_psk_file.
# 0 = disabled (default); only VLAN IDs from accept_mac_file will be used
# 1 = optional; use default interface if RADIUS server does not include VLAN ID
# 2 = required; reject authentication if RADIUS server does not include VLAN ID
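Review bot: The two added comment lines say dynamic VLAN mode is also used for wpa_psk_file-based assignment, but the 0/1/2 descriptions right below them still mention only accept_mac_file and the RADIUS server. A reader cannot tell from this text whether a `vlanid=` entry is honoured at 0, or what happens at 2 when the matched PSK entry carries no `vlanid=`. Operators will rely on this setting to keep stations segregated, so the per-value behaviour should be spelled out, for example `# With wpa_psk_file: a matched entry without vlanid= is <behaviour at 1> / <behaviour at 2>`, with the placeholders filled in from the implementation. The option line these comments describe lies outside the hunk.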
diff --git a/hostapd/hostapd.wpa_psk b/hostapd/hostapd.wpa_psk
index 834d441..166e59e 100644
--- a/hostapd/hostapd.wpa_psk
+++ b/hostapd/hostapd.wpa_psk
@@ -5,8 +5,11 @@
# characters or as a 256-bit hex PSK (64 hex digits).
# An optional key identifier can be added by prefixing the line with
# keyid=<keyid_string>
+# An optional VLAN ID can be specified by prefixing the line with
+# vlanid=<VLAN ID>.
00:00:00:00:00:00 secret passphrase
00:11:22:33:44:55 another passphrase
00:22:33:44:55:66 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
keyid=example_id 00:11:22:33:44:77 passphrase with keyid
+vlanid=3 00:00:00:00:00:00 passphrase with vlanid
00:00:00:00:00:00 another passphrase for all STAs
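Review bot: The new `vlanid=3 00:00:00:00:00:00 passphrase with vlanid` example uses the all-STAs wildcard address, so knowing the passphrase is the only thing that decides VLAN membership, and the header comment does not say so. I would add `# With the 00:00:00:00:00:00 wildcard, any station that knows the passphrase joins that VLAN; use a distinct passphrase per VLAN.` below the `vlanid=<VLAN ID>` line. The header also leaves open whether `keyid=` and `vlanid=` may appear on the same line and in which order, and which VLAN ID values are accepted. Judging from the hostapd.conf hunk, the prefix presumably takes effect only when dynamic VLAN mode is enabled, which would be worth stating here too.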