You didn't say anything about requiring encrypted channels for each user in your original question, just the use of a PSK. My "kind of" reference to doubling up was referring to the use of a PSK for authentication and encryption for a user to the wireless interface and authentication using a hotspot login. A PSK will do both ultimately and a hotspot login will only do one, but they will both provide a method of authenticating a device/user. You can specify a separate security profile for every VAP if you want, so what's the issue ? Just setup 10 or 20 VAP's and 10 or 20 Security Profiles with different PSK's. Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Karl Auer Sent: Thursday, 17 September 2015 4:44 PM To: public@talk.mikrotik.com.au Subject: Re: [MT-AU Public] virtual APs - how many? On Thu, 2015-09-17 at 15:27 +1000, Paul Julian wrote:
PSK is a device auth system, hotspot doesn't care about it but the wireless interface does, whilst I haven't done it I can't imagine why you couldn't do PSK on a hotspot wifi interface, but it would be doubling up kind of....
Doubling up on what? The MikroTik doco says that the connection from user device to the router is not encrypted. Obviously individual users can use VPNs or HTTPS or whatever to encrypt their own traffic, but we want to provide an encrypted channel at least in the air. One PSK for everyone is not good enough. I think that ten or twenty vAPs will be ample for our needs, if that. Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@nullarbor.com.au) work +61 2 64957435 http://www.nullarbor.com.au mobile +61 428 957160 GPG fingerprint: 9DCA 0903 BCBD 0647 BCCC 2FA7 A35C 57A1 ACF9 00BB Old fingerprint: 231A B066 CF91 1216 4F0F F2AC CE25 B8AA 46DC CC4F _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au