Setting up WDS
Thu Apr 9 02:01:10 PDT 2015
After stuffing around a lot more with 4-address mode, it all appears
good. Here are some tips (not too obvious in the documentation):
1) On AP side, when writing hostapd configuration file, make sure to add:
When 4-address enabled WDS client connects, an interface appears with a
name of wlan0.sta1 (I am assuming additional interfaces will appear as
wlan0.sta2 and so on if more 4-address enabled clients connect).
The wds_bridge line in the hostapd configuration file will automatically
add the wlan0.sta to your nominated bridge, e.g. br0. Alternatively, you
can always do brctl addif and so on.
As one would hope, non 4-address clients continue to work as normal and
co-exist with 4-address clients.
2) On STA side, as specified in documentation, the interface has to be
brought up with 4addr on option, e.g.
iw phy phy0 interface add wlan_sta0 type station 4addr on
Bridge the 4-addr mode client interface (which is now connected to AP
side) wlan_sta0 to AP, e.g.
brctl addif br0 wlan_sta0 wlan0
Make sure you disable DHCP on this device as DHCP is already enabled on
AP side and remember STA is simply a layer 2 device now.
I have tried WPA-PSK and WPA2-PSK authentication between STA and AP, and
downstream clients connecting to either STA or AP.
Presumably, this arrangement can be extended beyond the two devices
1) Simple WDS without security between WDS peers, use recommendations on
2) Not-so simple WDS, where WDS link is secured by the fact that it is
really a modified STA-AP link (with all supported authentication options
available), use recommendations on
and a few tips in this email.
On 09/04/15 04:56, Bob Copeland wrote:
> On Wed, Apr 08, 2015 at 05:18:55PM +1000, michaelm wrote:
>> Anyway, my main question is - with layer 2 arrangement described, is
>> there a way to implement some security?
> I cannot speak for WDS or 4addr mode, but you can use mesh for this if
> your driver/hw supports it (ath9k does). You can run hostapd on the
> AP virtual interface, bridged with a mesh interface. On the mesh interface,
> you can run wpa_supplicant with key_mgmt=SAE so that the mesh links will be
This communication contains information which may be confidential or privileged. The information is intended solely for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this communication in error, please notify me by telephone immediately.
More information about the Hostap