Setting up WDS
Wed Apr 8 00:18:55 PDT 2015
Second question ever on this forum... This one is really simple.
I am trying to set up a peered WDS by using a technique described on:
E.g., I have two Access Points (running Open Source) and I do exactly
the same setup for both.
1) add a WDS interface.
2) give it peer's MAC address (the other AP)
3) add the wds interface to the bridge (that already has the AP
interface and wired LAN interface) and
4) bring up the wds0 interface
    iw phy phy0 interface add wds0 type wds
    iw dev wds0 set peer <MAC address>
    brctl addif br0 wds0
    ifconfig wds0 up
Bridge works perfectly, that is, I can connect 2 WiFi clients, one to
each access point, they can ping each other and so on.
This looks like a true layer 2 bridge.
Once all of the above is done, I can even kill hostapd (which I needed
to set up the channels and so on).
Looking at the mac80211.c code, it seems to do exactly what a bridge
should do - sends any client packets to the peer using 4-address frame
format, and on the rx side, accepts packets from the peer by checking
its mac address.
However, with this arrangement frames between the two APs are sent with
no encryption whatsoever, which is a major problem for me.
I have actually run traceroute on WDS interfaces and can see plain text.
(Clearly, the packets from clients to AP interfaces are encrypted.)
Furthermore, it is unclear to me how anything other than a simple scheme
such as WEP could work in this layer 2 arrangement.
As an alternative, I have looked at using the 4addr mode but have not
been able to get it working, possibly because of the comment stating
that it is currently broken.
Anyway, my main question is - with the layer 2 arrangement described, is
there a way to implement some security?
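An added example, not part of the original post or of hostap/mac80211: one way to confirm from a monitor-mode capture whether the AP-to-AP link described above is going out in cleartext is to pick out the 4-address data frames (ToDS and FromDS both set) and check the Protected Frame bit. It assumes raw 802.11 frames with any radiotap header already stripped; the MAC addresses and sample frames are constructed.

```python
from typing import Iterable, List, NamedTuple, Optional

TO_DS, FROM_DS, PROTECTED = 0x01, 0x02, 0x40  # flag bits in frame-control byte 1
HDR_4ADDR_LEN = 30  # FC(2) Dur(2) Addr1(6) Addr2(6) Addr3(6) Seq(2) Addr4(6)

class WdsFrame(NamedTuple):
    ra: str          # Address 1: receiving AP
    ta: str          # Address 2: transmitting AP
    da: str          # Address 3: final destination
    sa: str          # Address 4: original source
    protected: bool  # Protected Frame bit

def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_wds_frame(frame: bytes) -> Optional[WdsFrame]:
    """Return the header fields of a 4-address data frame, or None for anything else."""
    if len(frame) < HDR_4ADDR_LEN:
        return None
    fc0, fc1 = frame[0], frame[1]
    is_data = (fc0 & 0x03) == 0 and ((fc0 >> 2) & 0x03) == 2  # version 0, type 2 = data
    if not is_data or (fc1 & (TO_DS | FROM_DS)) != (TO_DS | FROM_DS):
        return None
    return WdsFrame(_mac(frame[4:10]), _mac(frame[10:16]), _mac(frame[16:22]),
                    _mac(frame[24:30]), bool(fc1 & PROTECTED))

def cleartext_wds(frames: Iterable[bytes], ap_macs: Iterable[str]) -> List[WdsFrame]:
    """4-address frames exchanged between the listed APs with the Protected bit clear."""
    aps = {m.lower() for m in ap_macs}
    parsed = (parse_wds_frame(raw) for raw in frames)
    return [f for f in parsed if f and f.ta in aps and f.ra in aps and not f.protected]

# Constructed sample input (not captured traffic), using locally administered MACs.
AP1, AP2, STA1, STA2 = (f"02:00:00:00:00:{n}" for n in ("01", "02", "11", "12"))

def _frame(fc0: int, fc1: int, a1: str, a2: str, a3: str, a4: str = "") -> bytes:
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    hdr = bytes([fc0, fc1, 0, 0]) + raw(a1) + raw(a2) + raw(a3) + b"\x10\x00"
    return hdr + raw(a4) + b"\xaa\xaa\x03\x00\x00\x00\x08\x00"  # LLC/SNAP stub

SAMPLE = [
    _frame(0x08, 0x03, AP2, AP1, STA2, STA1),  # WDS data, Protected bit clear
    _frame(0x08, 0x43, AP1, AP2, STA1, STA2),  # WDS data, Protected bit set
    _frame(0x08, 0x41, AP1, STA1, STA2),       # client to AP, 3-address, protected
]

if __name__ == "__main__":
    for f in cleartext_wds(SAMPLE, [AP1, AP2]):
        print(f"cleartext WDS frame {f.ta} -> {f.ra} (carrying {f.sa} -> {f.da})")
```

The Protected Frame bit only shows that a frame claims link-layer protection; it does not identify the cipher in use.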