PSK + EAP on the same SSID?

Christ Schlacta lists
Sat Dec 11 10:50:29 PST 2010


On 12/11/2010 7:26 AM, michael-dev at fami-braun.de wrote:
> On 10.12.2010 23:49, Christ Schlacta wrote:
>> I've read the documentation and it seems to be possible, but without
>> some way to segregate the traffic it seems useless.
> The more striking issue I found when testing a shared SSID for PSK and
> EAP is that virtually no non-wpa_supplicant handled this friendly. The
> users that tested this setup could usually not choose between PSK and
> EAP and all current MacOS implementations (iOS 4.x, MacOs on Intel)
> seem to break by asking the ap for PSK but then expecting EAP (MacOs
> 10.4 on PPC worked, though).
>
I've got no Macs here, but Windows 7 and Ubuntu work with the test AP
(both PSK and EAP) without VLANs (and can connect using PSK or EAP). My
PSP, and Wii and Nook can all connect to the PSK network. The purpose
of this experiment is to place "gaming" and "portable" devices on a
separate, unsecured network, while keeping authenticated devices (such
as laptops, desktops, servers) on a separate, secured network.
>> Is it possible to force all PSK traffic to one VLAN, and all EAP traffic
>> to a different VLAN? It's possible to add VLAN responses to EAP
>> responses, but the PSK clients part is the part that's unclear.
> so the psk clients should get the default vlan and by adding vlan
> properties to the radius response, the eap clients are separated.
> Though I haven't tested this yet.
>
> mbr
>
Right now the "default vlan" is for the secured clients and I have a
separate AP with a different SSID bridged to vlan2.
I can make "PSK clients on the default vlans, others on the vlan
specified" work, and it'd be only a minor headache, but if there's some
way to specify that "unspecified clients should go on a second vlan", or
similar, it would save some hassle.

Thanks for the information, I should be able to make it work from here, 
at least as best as I can tell.
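
The arrangement discussed in this thread (PSK stations stay on the default interface, EAP stations are moved by VLAN attributes in the RADIUS response), as an added hostapd configuration example that is not part of the original post. Interface names, the SSID, VLAN ID 10, the RADIUS address and all secrets are constructed placeholders; creating the tagged VLAN interfaces automatically assumes a hostapd build with full dynamic VLAN support.

```ini
# hostapd.conf fragment (constructed example, placeholders throughout)
interface=wlan0
bridge=br0                       # default bridge: PSK stations land here,
                                 # so it should be the untrusted network
ssid=example-ssid
wpa=2
wpa_key_mgmt=WPA-PSK WPA-EAP     # advertise both key management types on one SSID
rsn_pairwise=CCMP
wpa_passphrase=REPLACE_WITH_PSK

# 802.1X/EAP side: authentication is delegated to a RADIUS server
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=REPLACE_WITH_RADIUS_SECRET

# 1 = optional: use the VLAN ID from the RADIUS response when present,
#     otherwise keep the station on the default interface
dynamic_vlan=1
vlan_file=/etc/hostapd.vlan
vlan_tagged_interface=eth0       # wired uplink that carries the tagged VLANs

# --- /etc/hostapd.vlan (separate file, one line) ---
# Wildcard entry; the first '#' in the interface name is replaced by the VLAN ID.
# *    wlan0.#

# --- RADIUS Access-Accept attributes for EAP users (RFC 3580 VLAN assignment) ---
# Tunnel-Type             = VLAN      (13)
# Tunnel-Medium-Type      = IEEE-802  (6)
# Tunnel-Private-Group-ID = "10"      # constructed VLAN ID for the secured network
```

With `dynamic_vlan=1`, an EAP user whose RADIUS response lacks the tunnel attributes also ends up on the default bridge, so a missing attribute places the station on the untrusted side rather than the secured VLAN.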