VLANs and Hostapd : unable to reach the access point

Thomas Pedersen thomas at eero.com
Wed Apr 10 10:00:53 PDT 2019


On Wed, Apr 10, 2019 at 1:51 AM John Doe <johndoe34032 at gmail.com> wrote:
>
> Hi,
>
> I'm trying to set up an access point with Hostapd, with dynamic VLAN
> management thanks to a Freeradius server. My Hostapd configuration is as
> follows:
>
> ###### GENERAL CONFIG ######
> # define interface and driver
> interface=wlp2s0
> driver=nl80211
> ssid=MUDDY
> channel=1
>
> # WPA2 enterprise auth
> wpa=2
> wpa_key_mgmt=WPA-EAP
> wpa_pairwise=TKIP CCMP
>
> # log level, all modules and somewhat verbose
> logger_syslog=-1
> logger_syslog_level=0
> logger_stdout=-1
> logger_stdout_level=1
>
> # could be useful in the future
> ctrl_interface=/var/run/hostapd
> ctrl_interface_group=0
>
> # we want 802.1x auth
> ieee8021x=1
>
> # whatever
> eapol_key_index_workaround=0
>
> # nope, no integrated eap
> eap_server=0
>
> ###### RADIUS CONFIG ######
> # probably irrelevant with nas_identifier set
> own_ip_addr=127.0.0.1
>
> # might make own_ip_addr irrelevant
> #nas_identifier=my.nas
>
> # address and port of RADIUS auth server
> auth_server_addr=127.0.0.1
> auth_server_port=1812
> auth_server_shared_secret=somuchsecret
>
> # we want accounting and be able to receive CoA messages
> acct_server_addr=127.0.0.1
> acct_server_port=1813
> acct_server_shared_secret=somuchsecret
>
> radius_das_port=3799
> radius_das_client=127.0.0.1 thatsabigsecretohyeah
>
> # accounting every minute
> radius_acct_interim_interval=60
>
> # VLANs are dealt with by the Radius server
> dynamic_vlan=1
>
>
> With this configuration, the VLANs are indeed created. For each one, a
> bridge with 802.1Q tagging (brvlanxxx) and a wireless interface
> associated with it (wlp2s0.xxx) are created.
> Trouble comes when I want to reach the access point. ARP requests from
> the access point to retrieve the station's IP leave from the "physical"
> interface (wlp2s0) and not from the tagged bridge or the interface. It
> does make sense, since neither the bridge nor its interface has an IP.
>
> Is there anything I did wrong in my configuration which would prevent my
> setup (one access point with VLANs, no bridging) from working? Or am I
> missing something else?

Did you assign an IP address to the brvlanxxx? It should be a
different subnet from the non-tagged network.

-- 
thomas
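
Added example (not part of the original thread, and not hostapd's own code): a small planner for the suggestion above that gives each brvlanxxx bridge its own address and refuses any VLAN subnet that overlaps the untagged network or another VLAN. The VLAN IDs, subnets and function names are constructed for illustration, and the printed `ip` commands assume the bridges already exist.

```python
"""Plan addresses for hostapd dynamic-VLAN bridges (illustrative example)."""
import ipaddress

# Constructed sample values; none of these come from the original thread.
UNTAGGED_NET = "192.168.1.0/24"  # subnet already in use on the untagged side
VLAN_SUBNETS = {10: "10.20.10.0/24", 20: "10.20.20.0/24"}  # VLAN ID -> subnet


def plan_bridge_addresses(untagged_net, vlan_subnets, bridge_fmt="brvlan{vid}"):
    """Return {bridge name: interface address}, using each subnet's first host.

    Raises ValueError for a VLAN ID outside 1..4094, or for a subnet that
    overlaps the untagged network or a subnet of another VLAN.
    """
    untagged = ipaddress.ip_network(untagged_net)
    seen = {}  # network -> VLAN ID already using it
    plan = {}
    for vid, cidr in sorted(vlan_subnets.items()):
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN ID {vid} is outside 1..4094")
        net = ipaddress.ip_network(cidr)
        if net.overlaps(untagged):
            raise ValueError(f"VLAN {vid}: {net} overlaps untagged {untagged}")
        for other, other_vid in seen.items():
            if net.overlaps(other):
                raise ValueError(f"VLAN {vid}: {net} overlaps VLAN {other_vid}")
        seen[net] = vid
        first_host = next(net.hosts())
        plan[bridge_fmt.format(vid=vid)] = ipaddress.ip_interface(
            f"{first_host}/{net.prefixlen}")
    return plan


def ip_commands(plan):
    """Render the iproute2 commands that apply the plan (run as root)."""
    cmds = []
    for bridge, iface in plan.items():
        cmds.append(f"ip addr add {iface} dev {bridge}")
        cmds.append(f"ip link set dev {bridge} up")
    return cmds


if __name__ == "__main__":
    for line in ip_commands(plan_bridge_addresses(UNTAGGED_NET, VLAN_SUBNETS)):
        print(line)
```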


