On Thu, 2015-09-17 at 16:54 +1000, Paul Julian wrote:
You didn't say anything about requiring encrypted channels for each user in your original question, just the use of a PSK.
Welll - a PSK is a "pre shared key", kinda thought the crypto was implied. And I said "we want to provide several people with wifi access, but we don't want them all on the same SSID or using the same PSK." OK, maybe I could have been more clear.
My "kind of" reference to doubling up was referring to the use of a PSK for authentication and encryption for a user to the wireless interface and authentication using a hotspot login. A PSK will do both ultimately and a hotspot login will only do one, but they will both provide a method of authenticating a device/user.
PSK doesn't authenticate users at all. It authenticates only the device (as you yourself said). However, but giving each user (or small group of users) their own unique PSK, you can close to authenticating users. The hotspot stuff seems to operate at user level for authentication; I guess the auth can be encrypted, but the resulting access is not (as far as I can tell). All the other hotspot stuff looks very nice, but without encrypted connections its all moot for us :-(
You can specify a separate security profile for every VAP if you want, so what's the issue ? Just setup 10 or 20 VAP's and 10 or 20 Security Profiles with different PSK's.
We seem to have a crossed wire. That's exactly what I'm talking about doing. My actual question was how many such VAPs the MikroTik can support. Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@nullarbor.com.au) work +61 2 64957435 http://www.nullarbor.com.au mobile +61 428 957160 GPG fingerprint: 9DCA 0903 BCBD 0647 BCCC 2FA7 A35C 57A1 ACF9 00BB Old fingerprint: 231A B066 CF91 1216 4F0F F2AC CE25 B8AA 46DC CC4F