On Fri, 2015-09-18 at 08:54 +1000, Mike Everest wrote:
You can do it all with EAP and RADIUS - allows you to set WDS password for every individual user if you want to in radius profile, then set connection parameters according to the auth'ed user: IP address, filter chain, packet marks, routing table, vlan-id, and more! So radius profile or radius group will control who gets to talk to each other and who is isolated. May take a little longer to get it all put together, but gives you the ultimate in flexibility in the end ;)
WDS?!? I must have missed a memo, I thought that was basically a method of halving your wifi input while lowering your security level? But the rest sounds very nice, do please point me to some how-tos :-) I got the very definite impression from several third-party articles and from the MikroTik doco that hotspot associations were not encrypted (though the auth exchange is in some circumstances). No amount of whizzbangery is any use to me if the association itself is not encrypted. Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@nullarbor.com.au) work +61 2 64957435 http://www.nullarbor.com.au mobile +61 428 957160 GPG fingerprint: 9DCA 0903 BCBD 0647 BCCC 2FA7 A35C 57A1 ACF9 00BB Old fingerprint: 231A B066 CF91 1216 4F0F F2AC CE25 B8AA 46DC CC4F