Multi-PSK on Hostapd

Colton Conor colton.conor at gmail.com
Tue Jul 27 09:21:41 PDT 2021


Michał,

Thanks, this makes more sense.

I basically meant if you have 100 OpenWRT APs running at an
enterprise, how would you, en masse, edit the psk file and reload
accordingly across all? Most commercial vendors have a controller that
devices would check into to facilitate this task, or use a RADIUS
server. Can RADIUS be used with Multi-PSK?

On Tue, Jul 27, 2021 at 10:08 AM Michał Kazior <kazikcz at gmail.com> wrote:
>
> Hi Conor,
>
> keyid= can be used to identify which passphrase a client used. This in
> turn can be used to apply selective firewalling rules if so desired.
> vlan= filtering/assignment isn't necessarily what you want, or what
> you can do, depending on your system and requirements.
>
> Editing the psk file itself does not do anything. If you want to
> reload it you can run `hostapd_cli -i wlanX reload_wpa_psk`. It
> re-reads and re-applies psk file data only. If a client was connected
> with a passphrase that no longer exists in the psk file, it will be
> disconnected. Otherwise the client will be left connected.
>
> Not sure what you mean by automating it across 100s of APs though.
>
>
> Michal
>
> On Tue, 27 Jul 2021 at 16:40, Colton Conor <colton.conor at gmail.com> wrote:
> >
> > I am trying to figure out the proper way to have multiple PSKs on a
> > single SSID. Each passphrase will be used by multiple users, and each
> > passphrase will be tied to a VLAN.
> >
> > Reading https://w1.fi/cgit/hostap/tree/hostapd/hostapd.wpa_psk, it
> > seems the proper way to do this would be:
> >
> > vlanid=10 00:00:00:00:00:00 passphrase1
> > vlanid=11 00:00:00:00:00:00 passphrase2
> >
> > My question is:
> > What is the keyid= used for typically?
> > Is there a way to add/remove keys using radius instead of manually
> > editing the hostapd.wpa_psk each time?
> > Does editing the hostapd.wpa_psk kick existing users offline if you
> > have to reload / save the file?
> > How would you automate this across 100s of APs at a property?
> >
> > _______________________________________________
> > Hostap mailing list
> > Hostap at lists.infradead.org
> > http://lists.infradead.org/mailman/listinfo/hostap
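
An added example, not part of the thread and not hostapd's own code: a pre-flight check to run before `hostapd_cli -i wlanX reload_wpa_psk` that parses the old and new psk files and reports which entries would lose their clients, following the reload behaviour described in the reply above. The function names and the sample file contents are assumptions made for illustration.

```python
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
HEX_PSK_RE = re.compile(r"^[0-9A-Fa-f]{64}$")

def parse_wpa_psk(text):
    """Map (mac, psk) -> attributes for each entry of a hostapd.wpa_psk body."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        attrs, rest = {"line": lineno}, raw
        # Optional key=value tokens (vlanid=, keyid=) precede the MAC address.
        while True:
            token, _, rest = rest.lstrip(" ").partition(" ")
            if MAC_RE.match(token):
                break
            key, sep, value = token.partition("=")
            if not sep or not rest:
                raise ValueError(f"line {lineno}: expected key=value or MAC")
            attrs[key] = value
        if not (HEX_PSK_RE.match(rest) or 8 <= len(rest) <= 63):
            raise ValueError(f"line {lineno}: PSK must be 64 hex or 8..63 chars")
        entries[(token.lower(), rest)] = attrs
    return entries

def reload_impact(old_text, new_text):
    """Classify entries by what a psk reload does to them, per the reply above."""
    old, new = parse_wpa_psk(old_text), parse_wpa_psk(new_text)
    # Label entries by keyid (or line number) so secrets are never printed.
    label = lambda a: a.get("keyid") or f"line {a['line']}"
    return {
        "disconnected": sorted(label(a) for k, a in old.items() if k not in new),
        "kept": sorted(label(a) for k, a in old.items() if k in new),
        "added": sorted(label(a) for k, a in new.items() if k not in old),
    }

# Constructed sample files; the passphrases and keyids are made up.
OLD = """\
keyid=guest vlanid=10 00:00:00:00:00:00 passphrase1
keyid=staff vlanid=11 00:00:00:00:00:00 passphrase2
"""
NEW = """\
keyid=guest vlanid=10 00:00:00:00:00:00 passphrase1
keyid=staff-2021 vlanid=11 00:00:00:00:00:00 passphrase3
"""

if __name__ == "__main__":
    print(reload_impact(OLD, NEW))
```

Running the same check against the file staged for each AP shows, before any reload is issued, which keys are being rotated out from under connected clients.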


