Date:      Sat, 7 Jan 2017 14:29:32 +0000
From:      James Elstone <james.c.elstone@gmail.com>
To:        Lev Serebryakov <lev@freebsd.org>
Cc:        freebsd-wireless@freebsd.org
Subject:   Re: Multiple APs (one of which is "software") under control of one FreeBSD system / hostapd — how to?
Message-ID:  <CANocirngx4WC1RvwGpYe5Gw85=zud1iZ0hBNzgGH5kntrOJL1g@mail.gmail.com>
In-Reply-To: <1847104354.20170107151410@serebryakov.spb.ru>
References:  <1847104354.20170107151410@serebryakov.spb.ru>

Hi Lev,

There are many ways to do this; I have APs running FreeBSD and roaming
works kind of OK without any additional ports being installed.

The trick is to have both SSIDs (WiFi network name) the same and the same
security settings on each but run them on non-overlapping channels. Each AP
will have its own MAC address thus, by default, driving each AP to have a
different BSSID, which is what you want.

The client (supplicant) will choose which BSSID to connect to for the
selected WiFi Network name based on signal strength. Different supplicants
(android versus apple) behave differently but most will usually hold onto
the current BSSID until a lower strength threshold is passed and then it
rescans for a stronger BSSID advertising the selected SSID.

The "kind of" bit is that the decision to roam to a new BSSID is made by
the client.  The client may be trying to prevent roaming to preserve battery
life, but can be overridden in most cases by an app or setting (e.g.
enabling "Always allow WLAN Roam Scans" under Developer Options on Android
improves the behaviour, and can be monitored by consulting "Wifi Analyzer"
from Google Play). This switch over may well cause a TCP Reset to be issued
under certain circumstances for active connections.

The Cisco Wireless tech allows spoofing of BSSIDs and encapsulated backhaul
of data to a single handoff point to a router, etc. to provide a more
seamless experience. It also allows roaming of both Layers 2 and 3, but is
expensive and requires a different level of understanding to implement
correctly. All depends on the requirements you have I suppose.

A path for you may be to set up a new VLAN interface on your router, extend
the VLAN to your new AP (access port or untagged if using COTS) over the
switch and bridge the new VLAN interface with the existing WiFi Interface and
see how you get on?  Bridging and VLAN interface config are well documented
in the Handbook and elsewhere.

If you don't want to mirror security settings on the second AP, or you want
to use a client identification system, it may be a RADIUS server is the
best way forwards.  Alternatively you could consider replicating everything
but channel ID over SSH using (insert sync protocol / method of choice) for
HostAP / WPA supplicant, etc.

LPT: use a static IP on your WiFi client when developing / debugging and
make sure you have the ability to ping (icmp) from roaming device (which on an
Android non-rooted device is easier said than done), the IP address will be
the same regardless of which AP you connect to in the above example path.

LPT: Draw this out twice with IP and MAC addresses on:  one logically
showing the VLANs as separate wires and one physically showing connections
in reality.

Does this answer your question or provide a bit of guidance?

Kind regards,
James.

On 7 Jan 2017 12:14, "Lev Serebryakov" <lev@freebsd.org> wrote:

> Hello Freebsd-wireless,
>
>   Now I have a custom-built WiFi/Ethernet router which runs FreeBSD. It is
>  rather typical: two ethernet NICs (one for ISP, second for my home wired
>  network, plugged into switch), one WiFi NIC (ath) which works in AP mode
>  (single SSID, nothing fancy) with hostapd and provides WiFi in my home.
>   This box runs DNS, dhcpd, firewall, NAT to ISP, IPv6 tunnel, VPN to my
>  work office, etc. Typical small-scale router which uses a lot of FreeBSD
>  networking features.
>
>   One detail which is important for my question: I don't use bridge between
>  wlan and internal wired interface, they have different IPv4 and IPv6
>  networks and box routes between them (with some firewalling).
>
>   I'm using WPA2-PSK security on wlan interface, with help of hostapd
>  (no RADIUS).
>
>   I want to add second physical AP to this config. Not VAP on existing wlan
>  card, or second wlan card to router, but separate "dumb" off-the-shelf
>  WiFi AP to improve WiFi reception on other end of my home. I want it to be
>  connected by wire (to the same switch as my wired network), not in
>  wireless repeater mode, as repeater mode consumes too much bandwidth.
>
>   But I want to have only one WiFi network, with transparent "roaming"
>  between APs and I don't want to configure security twice (in hostapd and
>  separate "hardware" AP) and I want my router to see WiFi network as one
>  interface, no matter which AP client uses (in same way as wired interface
>  in router doesn't bother which switch port is used by wired client).
>
>   Is it possible to achieve this goal with FreeBSD and hostapd, not with
>  Cisco Wireless LAN Controller? :)
>
>   I could put external AP to separate VLAN (my switch supports this). Is it
>  enough to bridge router's wlan interface (AP) and VLAN with external
>  (physical) AP and run hostapd (and all other services, like dhcpd) on this
>  bridge interface? Will it work? Or should I do something more specific?
>
>   I could not find any documentation about such config (Linux or FreeBSD,
>  doesn't matter), all "multiple APs" how-tos are about multiple SSIDs on
>  one interface.
>
>    Maybe, this question is not completely FreeBSD-specific, but as I'm
>  using FreeBSD, I think this list is appropriate enough for it.
>
>
> --
> Best regards,
>  Lev                          mailto:lev@FreeBSD.org
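
An added example, not part of either message: a check that two hostapd.conf files follow the recipe in the reply above (same SSID and security settings, non-overlapping channels), useful after "replicating everything but channel ID". It assumes both APs run hostapd and use 20 MHz channels; the sample configurations, the `MUST_MATCH` selection and all function names are constructed for illustration.

```python
# Added example: check two hostapd.conf files against the roaming recipe above.
# Options that must be identical on every AP sharing the network name.
MUST_MATCH = ("ssid", "wpa", "wpa_key_mgmt", "wpa_pairwise",
              "rsn_pairwise", "wpa_passphrase")

def parse_hostapd_conf(text):
    """Parse key=value lines; hostapd treats lines starting with '#' as comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values (e.g. passphrases) may contain '='
        conf[key] = value
    return conf

def channels_overlap(a, b):
    """Assumes 20 MHz channels: 2.4 GHz needs 5 numbers apart, 5 GHz needs 4."""
    a_24, b_24 = a <= 14, b <= 14
    if a_24 != b_24:          # different bands never overlap
        return False
    return abs(a - b) < (5 if a_24 else 4)

def check_roaming_pair(conf_a, conf_b):
    """Return a list of problems; an empty list means the pair matches the recipe."""
    # Report only the option name, so wpa_passphrase never lands in a log.
    problems = [f"{key} differs" for key in MUST_MATCH
                if conf_a.get(key) != conf_b.get(key)]
    try:
        ch_a, ch_b = int(conf_a["channel"]), int(conf_b["channel"])
        if ch_a < 1 or ch_b < 1:   # not a fixed channel
            raise ValueError
    except (KeyError, ValueError):
        problems.append("channel missing or not a fixed number")
    else:
        if channels_overlap(ch_a, ch_b):
            problems.append(f"channels {ch_a} and {ch_b} overlap")
    return problems

# Constructed sample configurations (not taken from the thread).
BASE = ("interface=wlan0\nssid=homenet\nwpa=2\nwpa_key_mgmt=WPA-PSK\n"
        "wpa_pairwise=CCMP\nwpa_passphrase=constructed=example#passphrase\n")
AP_A = BASE + "channel=1\n"
AP_B = BASE + "# second AP, only the channel changes\nchannel=6\n"
AP_DRIFT = BASE.replace("wpa_pairwise=CCMP", "wpa_pairwise=TKIP CCMP") + "channel=3\n"

if __name__ == "__main__":
    a = parse_hostapd_conf(AP_A)
    print(check_roaming_pair(a, parse_hostapd_conf(AP_B)))      # []
    print(check_roaming_pair(a, parse_hostapd_conf(AP_DRIFT)))
```

A drifted cipher setting such as the `TKIP CCMP` line in `AP_DRIFT` is the kind of mismatch that leaves one AP weaker than the other while clients still roam between them.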


