
Configure hostapd with sae_password and vlanid

0 votes
0 answers
214 views
According to [the hostapd documentation](https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf), when you use WPA3, the hostapd AP can bind to a VLAN interface based on the received passphrase.

> an optional VLAN ID specification can be used to bind the station
> to the specified VLAN whenever the specific SAE password entry is used.
> [...]
>
> #sae_password=example secret|vlanid=3|id=pw identifier

I have a minimal working hostapd configuration for WPA3, but it does not work if I try to bind to a VLAN:
```
interface=wlan0
ssid2="Test-44"
country_code=

# Advertises the country_code and the set of allowed
# channels and transmit power levels based on the regulatory limits.
ieee80211d=1

logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=1

driver=nl80211

ieee80211n=1
ieee80211ac=1

# Support for 802.11a(c|x)
hw_mode=g

# Required for 802.11n/802.11ac/802.11ax
# https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-wmm-programs
wmm_enabled=1

# Enable WPA. Needed for WPA3
wpa=2

# Set of accepted key management algorithms (SAE = WPA3 / WPA-PSK = WPA2)
wpa_key_mgmt=SAE
rsn_pairwise=CCMP

# ieee80211w: Enable management frame protection (MFP)
ieee80211w=2

sae_password=password|vlanid=100
```
```
root@router ~# ip l
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: wan0:  mtu 1500 qdisc mq state UP qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
3: lan:  mtu 1500 qdisc mq state DOWN qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
4: wlan0:  mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
9: vlan100@wlan0:  mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
```
Hostapd seems to correctly see the VLAN interface:

```
RTM_NEWLINK: ifi_index=4 ifname=wlan0 operstate=2 linkmode=0 ifi_family=0 ifi_flags=0x1002 ()
nl80211: Ignore interface down event since interface wlan0 is up
RTM_NEWLINK: ifi_index=9 ifname=vlan100 operstate=2 linkmode=0 ifi_family=0 ifi_flags=0x1002 ()
RTM_NEWLINK: ifi_index=4 ifname=wlan0 operstate=2 linkmode=0 ifi_family=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK: ifi_index=9 ifname=vlan100 operstate=3 linkmode=0 ifi_family=0 ifi_flags=0x1003 ([UP])
```
But when I try to connect to the hotspot with a device, hostapd refuses with this debug log:

```
SAE: Assign STA xx:xx:xx:xx:xx:xx to VLAN ID 100
Invalid VLAN ID 100 in sae_password
```
Any ideas?
Asked by Rand0mMan (101 rep)
Oct 31, 2024, 01:01 AM
Last activity: Oct 31, 2024, 01:15 AM
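
A configuration check for the situation in the question, as an added example that is not part of the original post or of hostapd: it parses `sae_password` entries and flags each `vlanid` that has no matching entry in a `vlan_file`. It assumes hostapd accepts a `vlanid` only when that ID (or the `*` wildcard) is in its VLAN list, modelled here as the `vlan_file` contents; the function names are hypothetical and the sample config and VLAN file are constructed.

```python
import re

# Constructed sample input modelled on the question's config (not the full file).
SAMPLE_CONF = """\
interface=wlan0
wpa_key_mgmt=SAE
sae_password=password|vlanid=100
sae_password=guest secret|vlanid=3|id=pw identifier
sae_password=no vlan here
"""
# Constructed vlan_file contents: "<VLAN ID or *> <ifname>" per line.
SAMPLE_VLAN_FILE = "# id ifname\n3 vlan3\n"

FIELD = re.compile(r"\|(mac|vlanid|pk|id)=")

def parse_sae_password(value):
    """Split 'secret|vlanid=N|id=identifier' into a dict of its fields."""
    m = FIELD.search(value)
    entry = {"password": value if m is None else value[:m.start()]}
    while m:
        key, start = m.group(1), m.end()
        # The identifier is the last field and runs to the end of the line.
        nxt = None if key == "id" else FIELD.search(value, start)
        entry[key] = value[start:nxt.start() if nxt else len(value)]
        m = nxt
    return entry

def known_vlans(vlan_file_text):
    """First column of every non-comment vlan_file line (numeric ID or '*')."""
    rows = (line.split() for line in vlan_file_text.splitlines())
    return {r[0] for r in rows if r and not r[0].startswith("#")}

def audit(conf_text, vlan_file_text=""):
    """Return (vlanid, reason) for each sae_password VLAN binding likely to be rejected."""
    vlans, findings = known_vlans(vlan_file_text), []
    for line in conf_text.splitlines():
        key, _, val = line.strip().partition("=")
        if key != "sae_password":
            continue  # also skips commented-out "#sae_password=..." lines
        vid = parse_sae_password(val).get("vlanid")
        if vid is None:
            continue
        if not vid.isdigit() or not 1 <= int(vid) <= 4094:
            findings.append((vid, "not a VLAN ID in 1..4094"))
        elif "*" not in vlans and str(int(vid)) not in vlans:
            # Assumption: hostapd validates the ID against its VLAN list.
            findings.append((vid, "not defined in vlan_file"))
    return findings

if __name__ == "__main__":
    for vid, reason in audit(SAMPLE_CONF, SAMPLE_VLAN_FILE):
        print(f"vlanid={vid}: {reason}")
```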