Dynamic AP selection from WPA_Supplicant

Raghavendra M S booninfosec at gmail.com
Fri Jun 10 06:09:50 PDT 2016


We have successfully been experimenting with wpa_supplicant on various
versions of raspberry pies for enterprise Wifi authentication
(802.1x). We now plan to sell our stand-alone (no other user
interface) raspberry pie devices to customers that would deploy these
in their SME offices. We will embed the Raspberry pies with
pre-installed certificates and domain information about our server.
The network administrator of the SME is required to forward the EAP
messages to our server by configuring his/her AP. However, we don't
want to (and cannot) standardize the access point name chosen by the
SME administrator (the AP would also serve other general purpose
network access). Therefore, a method for dynamic AP selection is
needed. We plan to use EAP-TLS as the authentication method. As there
is no visual or command line interface accessible from raspberry pie,
we want it to try and connect with all the APs in its vicinity,

We have thought about different approaches to do this. We found a
python script that scans the network
https://sourceforge.net/projects/wpascm/ . However, it still asks the
user to manually choose the correct AP. We believe that we  can modify
the script to dynamically select the right AP (and EAP server
combination).  A similar approach was to use  wpa_cli scan list and
feed formatted result to  wpa_cli to try connecting to different APs.

Are there any better ways of doing this? Are we missing something?

Thank you.

More information about the Hostap mailing list