Saturday, February 10, 2018

hostapd dynamic VLAN

*** info
- radius server ip : 192.168.22.5
- hostapd ip address: 192.168.22.100

1- freeradius server (version 3)
- add the following lines to /etc/freeradius/3.0/clients.conf
client perhost1 {
        ipaddr = 192.168.22.100
        secret          = radius
        require_message_authenticator = no
}


- add the following lines to /etc/freeradius/3.0/users
"user1"     Cleartext-Password := "password1"
"user2"     Cleartext-Password := "password1"
    Tunnel-Type=13,
    Tunnel-Medium-Type=6,
    Tunnel-Private-Group-ID=2357

- restart freeradius service
$ sudo /etc/init.d/freeradius restart

2- hostapd
- configuration file ap.conf
interface=wlan0
ssid=HWSim
driver=nl80211
hw_mode=g
channel=11
ieee8021x=1
wpa=3
wpa_key_mgmt=WPA-EAP
dynamic_vlan=1
vlan_file=/vlan.db
eap_reauth_period=3600
own_ip_addr=192.168.22.100
nas_identifier=ap.wired.com
auth_server_addr=192.168.22.5
auth_server_port=1812
auth_server_shared_secret=radius
acct_server_addr=192.168.22.5
acct_server_port=1813
acct_server_shared_secret=radius


- /vlan.db
10       wlan0.10
11       wlan0.11
2357       wlan0.2357
3393       wlan0.3393



- start hostapd
$ sudo hostapd -dd ap.conf
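
Added example (not part of the original post): a Python check that every user in the FreeRADIUS users file returns a complete VLAN attribute set and that the VLAN ID is listed in hostapd's vlan_file. With dynamic_vlan=1, a station whose RADIUS reply carries no VLAN ID is placed on the default interface, so an entry like user1 above is worth flagging. The function names are hypothetical and the sample inputs are copied from this page.

```python
import re
# Sample inputs copied from this page's users file and /vlan.db.
USERS = '''\
"user1"     Cleartext-Password := "password1"
"user2"     Cleartext-Password := "password1"
    Tunnel-Type=13,
    Tunnel-Medium-Type=6,
    Tunnel-Private-Group-ID=2357
'''
VLAN_DB = '''\
10       wlan0.10
11       wlan0.11
2357       wlan0.2357
3393       wlan0.3393
'''

def parse_users(text):  # user -> reply items (the indented lines under the entry)
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":                       # indented line: reply item
            m = re.match(r'\s*([\w-]+)\s*[:+]?=\s*"?([^",]+)"?', line)
            if m and current is not None:
                users[current][m.group(1)] = m.group(2).strip()
        else:                                      # new entry: name, then check items
            current = line.split()[0].strip('"')
            users[current] = {}
    return users

def parse_vlan_db(text):
    """VLAN IDs listed in a hostapd vlan_file; a '*' wildcard row is ignored here."""
    rows = (line.split() for line in text.splitlines())
    return {int(f[0]) for f in rows if len(f) >= 2 and f[0].isdigit()}

def verdict(reply, known):
    """hostapd needs Tunnel-Type 13 (VLAN), Tunnel-Medium-Type 6 (802) and a group ID."""
    vid = reply.get("Tunnel-Private-Group-ID", "")
    if (reply.get("Tunnel-Type") not in ("13", "VLAN") or not vid.isdigit()
            or reply.get("Tunnel-Medium-Type") not in ("6", "IEEE-802")):
        return "no complete VLAN attribute set"
    return f"ok: VLAN {vid}" if int(vid) in known else f"VLAN {vid} not in vlan_file"

def check(users_text, vlan_text):
    known = parse_vlan_db(vlan_text)
    return {u: verdict(r, known) for u, r in parse_users(users_text).items()}

if __name__ == "__main__":
    print("\n".join(f"{u}: {v}" for u, v in check(USERS, VLAN_DB).items()))
```

To run it against a live setup, read /etc/freeradius/3.0/users and /vlan.db into the two arguments of check().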


3- client
- copy /etc/ssl/certs/ssl-cert-snakeoil.pem from the freeradius server to the client as /cert.pem

- client.conf file
network={
    ssid="HWSim"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user3"
    password="password1"
    ca_cert="/cert.pem"
    phase1="peaplabel=1"
    phase2="auth=MSCHAPV2"
    priority=10
}


- start client
$ sudo wpa_supplicant -Dnl80211 -i wlan1 -c client.conf
