[isf-wifidog] Multiple SSIDs - WPA support for Wifidog on the WRT54g
fproulx at edito.qc.ca
Sam 18 Mar 03:05:48 EST 2006
I've started investigating on WPA (Radius) in TKIP/AES mode lately. I got
my WRT54g to authenticate users through a 802.1X / WPA scheme against my
OpenLDAP (OS X 10.4 Server users database). I works really nicely and
provides per-user / per-connection encryption.
What's even more interesting is that I read that the Broadcom chip inside
the WRT54g can do multiple SSIDs (although all on the same channel, but
it's not that bad in our case). DD-WRT will implement the feature in its
next build. The feature has been requested on OpenWRT's Trac so it's
coming in the next few months.
What this all means is that we could provide in-the-air encryption for
user connected to our hotspots. One SSID would be in the clear (no WEP or
WPA) letting new users create a free account. The second SSID would
provide a 802.1X scheme authenticating against a central RADIUS server.
Wifidog would have to be modified to greet users already authenticated and
redirecting them straight to the portal page.
I know it's a low priority feature, but it's something that we've been
talking about for a long time without any real solution since we thought
we could not do multiple SSIDs.
More information about the WiFiDog