implementing multiple BSSID addresses for different VAPs, or 'why was the flag called bssid again?'
Ulrich Spörlein
uqs at spoerlein.net
Sat Oct 26 14:32:46 UTC 2013
Well, the following in rc.conf
wlans_ath0="wlan0 wlan2"
create_args_wlan0="bssid wlanmode hostap country DE authmode wpa ssid COYOTE"
ifconfig_wlan0="ssid COYOTE mode 11g pureg up"
create_args_wlan2="bssid wlanmode hostap country DE authmode wpa ssid
COYOTE_GUEST"
ifconfig_wlan2="ssid COYOTE_GUEST mode 11g pureg up"
Does not quite work, I'm left with:
(from dmesg)
Setting hostname: coyote.spoerlein.net.
bridge0: Ethernet address: 02:ac:6e:56:db:00
Created clone interfaces: bridge0.
wlan0: Ethernet address: 68:a3:c4:51:44:99
wlan2: Ethernet address: 6e:a3:c4:51:44:99
ifconfig: SIOCS80211: Device busy
ath0: stuck beacon; resetting (bmiss count 4)
(not that there's no echo for creating wlan devices, that should maybe
be added?)
Anyway, I thus get this:
ath0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 2290
ether 68:a3:c4:51:44:99
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: running
wlan0: flags=8d43<UP,BROADCAST,RUNNING,PROMISC,OACTIVE,SIMPLEX,MULTICAST>
metric 0 mtu 1500
ether 68:a3:c4:51:44:99
inet6 fe80::6aa3:c4ff:fe51:4499%wlan0 prefixlen 64 tentative scopeid 0xa
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: no carrier
ssid COYOTE channel 7 (2442 MHz 11g)
regdomain ETSI country DE indoor ecm authmode WPA2/802.11i
privacy MIXED deftxkey 2 AES-CCM 2:128-bit txpower 30 scanvalid 60
pureg protmode CTS wme burst dtimperiod 1 -dfs
wlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500
ether 6e:a3:c4:51:44:99
inet6 fe80::6ca3:c4ff:fe51:4499%wlan2 prefixlen 64 tentative scopeid 0xb
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: running
ssid COYOTE_GUEST channel 7 (2442 MHz 11g) bssid 6e:a3:c4:51:44:99
regdomain ETSI country DE indoor ecm authmode 802.1x privacy MIXED
deftxkey UNDEF txpower 30 scanvalid 60 pureg protmode CTS wme burst
dtimperiod 1 -dfs
root at coyote:~# ifconfig ath0
ath0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 2290
ether 68:a3:c4:51:44:99
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: IEEE 802.11 Wireless Ethernet autoselect <hostap>
(autoselect <hostap>)
status: no carrier
root at coyote:~# ifconfig wlan0 create wlandev ath0 bssid wlanmode
hostap country DE authmode wpa ssid COYOTE
root at coyote:~# ifconfig wlan0
wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500
ether 6a:a3:c4:51:44:99
inet6 fe80::68a3:c4ff:fe51:4499%wlan0 prefixlen 64 tentative scopeid 0xa
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: running
ssid COYOTE channel 13 (2472 MHz 11g) bssid 6a:a3:c4:51:44:99
regdomain ETSI country DE indoor ecm authmode 802.1x privacy MIXED
deftxkey UNDEF txpower 30 scanvalid 60 pureg protmode CTS wme burst
dtimperiod 1 -dfs
root at coyote:~# ifconfig wlan2 create wlandev ath0 bssid wlanmode
hostap country DE authmode wpa ssid COYOTE_GUEST
ifconfig: SIOCS80211: Device busy
Exit 1
root at coyote:~# ifconfig wlan2
wlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500
ether 6e:a3:c4:51:44:99
inet6 fe80::6ca3:c4ff:fe51:4499%wlan2 prefixlen 64 tentative scopeid 0xb
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: running
ssid COYOTE_GUEST channel 13 (2472 MHz 11g) bssid 6e:a3:c4:51:44:99
regdomain ETSI country DE indoor ecm authmode 802.1x privacy MIXED
deftxkey UNDEF txpower 30 scanvalid 60 pureg protmode CTS wme burst
dtimperiod 1 -dfs
root at coyote:~# ifconfig wlan0; ifconfig wlan2
wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500
ether 6a:a3:c4:51:44:99
inet6 fe80::68a3:c4ff:fe51:4499%wlan0 prefixlen 64 tentative scopeid 0xa
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: running
ssid COYOTE channel 13 (2472 MHz 11g) bssid 6a:a3:c4:51:44:99
regdomain ETSI country DE indoor ecm authmode 802.1x privacy MIXED
deftxkey UNDEF txpower 30 scanvalid 60 pureg protmode CTS wme burst
dtimperiod 1 -dfs
wlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500
ether 6e:a3:c4:51:44:99
inet6 fe80::6ca3:c4ff:fe51:4499%wlan2 prefixlen 64 tentative scopeid 0xb
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: running
ssid COYOTE_GUEST channel 13 (2472 MHz 11g) bssid 6e:a3:c4:51:44:99
regdomain ETSI country DE indoor ecm authmode 802.1x privacy MIXED
deftxkey UNDEF txpower 30 scanvalid 60 pureg protmode CTS wme burst
dtimperiod 1 -dfs
Then I also had to bounce the hostapd on wlan0 and start the one on
wlan2 and it looks very promising currently. Is it possible that there
is a timing issue involved and doing it manually works better than
when the startup scripts run through this?
I've now got this working version that seems to be solid and comes up
during boot w/o manual intervention.
/etc/rc.conf:
wlans_ath0="wlan0 wlan2"
create_args_wlan0="bssid wlanmode hostap country DE authmode wpa ssid COYOTE"
create_args_wlan2="bssid wlanmode hostap country DE authmode wpa ssid
COYOTE_GUEST"
(no ifconfig_wlanX settings, I'm using a bridge for these, no hostapd!)
/etc/rc.local:
#!/bin/sh
/etc/rc.d/hostapd start wlan0
sleep 2
/etc/rc.d/hostapd start wlan2
and I get:
root at coyote:~# ifconfig wlan0; ifconfig wlan2
wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500
ether 68:a3:c4:51:44:99
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: running
ssid COYOTE channel 13 (2472 MHz 11g) bssid 68:a3:c4:51:44:99
regdomain ETSI country DE indoor ecm authmode WPA2/802.11i
privacy MIXED deftxkey 2 AES-CCM 2:128-bit txpower 30 scanvalid 60
protmode CTS wme burst dtimperiod 1 -dfs
wlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500
ether 6e:a3:c4:51:44:99
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: running
ssid COYOTE_GUEST channel 13 (2472 MHz 11g) bssid 6e:a3:c4:51:44:99
regdomain ETSI country DE indoor ecm authmode WPA2/802.11i
privacy MIXED deftxkey 2 AES-CCM 2:128-bit txpower 30 scanvalid 60
protmode CTS wme burst dtimperiod 1 -dfs
root at coyote:~# pgrep -fl hostapd
3071 /usr/sbin/hostapd -P /var/run/hostapd-wlan2.pid -B /etc/hostapd-wlan2.conf
3061 /usr/sbin/hostapd -P /var/run/hostapd-wlan0.pid -B /etc/hostapd-wlan0.conf
Now I need to un-bridge the wlan2, put in a firewalled guest network
and tweak pf accordingly. Or maybe I'll use a pf-based filtering
bridge. And I still need an USB fob for that 5GHz AP.
Thanks!
Uli
2013/10/21 Adrian Chadd <adrian at freebsd.org>:
> So, I finally (!) figured out how this address cloning crap works.
>
> In if_ath.c, there's assign_address(). It, yes, assigns addresses. If the
> hardware supports the bssid mask field and the clone flag is set, it sets up
> multiple addresses. This works great for up to 4 MACs. We have to modify it
> to support more than 4 MAC addresses per NIC.
>
> .. but, how do you set the clone flag?
>
> The ifconfig manpage has two entries for 'bssid'.
>
> * the first is when you 'create' a VAP. It's passed as an arguement during
> create, but before wlanmode. It doesn't take an option.
> * the second is for setting the BSS ID for the VAP. It _does_ take an option
> (the MAC.)
>
> If you try this, it fails:
>
> * ifconfig wlan11 create wlandev ath0 wlanmode hostap ssid 'foo_2' bssid
>
> If you try this, it works:
>
> * ifconfig wlan11 create wlandev ath0 bssid wlanomde hostap ssid 'foo_2'
>
> So, if you run multi-VAP, and you want to use WPA on all of the VAPs, please
> try using 'bssid' as above and ensure you get multiple MAC addresses. This
> should make things behave much, much better. If it doesn't then we have
> bigger problems.
>
> Thanks,
>
>
> -adrian
>
More information about the freebsd-wireless
mailing list