
Hostapd - AP-Mode - allow white-/blacklisting of Clients
Closed, Resolved | Public | FEATURE REQUEST

Description

It would be great if the CLI had a way to create a blacklist/whitelist of MAC addresses.

The necessary config-parts of hostapd would be:

# Station MAC address -based authentication
# Please note that this kind of access control requires a driver that uses
# hostapd to take care of management frame processing and as such, this can be
# used with driver=hostap or driver=nl80211, but not with driver=atheros.
# 0 = accept unless in deny list
# 1 = deny unless in accept list
# 2 = use external RADIUS server (accept/deny lists are searched first)
macaddr_acl=0

# Accept/deny lists are read from separate files (containing list of
# MAC addresses, one per line). Use absolute path name to make sure that the
# files can be read on SIGHUP configuration reloads.
#accept_mac_file=/etc/hostapd.accept
#deny_mac_file=/etc/hostapd.deny

Example content of hostapd.accept:

# List of MAC addresses that are allowed to authenticate (IEEE 802.11)
# with the AP. Optional VLAN ID can be assigned for clients based on the
# MAC address if dynamic VLANs (hostapd.conf dynamic_vlan option) are used.
00:11:22:33:44:55
00:66:77:88:99:aa
00:00:22:33:44:55   1

Example content of hostapd.deny:

# List of MAC addresses that are not allowed to authenticate (IEEE 802.11)
# with the AP.
00:11:22:33:44:55
00:66:77:88:99:aa

Details

Difficulty level: Normal (likely a few hours)
Version: 1.4-rolling
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Feature (new functionality)

Event Timeline

c-po triaged this task as Wishlist priority.
c-po changed the task status from Open to In progress. (Aug 20 2023, 1:05 PM)
c-po changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
c-po changed Version from - to 1.4-rolling.
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
set interfaces wireless wlan0 security station-address mode <accept|deny>
set interfaces wireless wlan0 security station-address accept mac <mac>
set interfaces wireless wlan0 security station-address deny mac <mac>
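
A lint for the accept/deny list format and the macaddr_acl modes quoted in the description, as an added example that is not VyOS or hostapd code. The function names are hypothetical, the parser is stricter than the file comments require, and a MAC listed in both files is reported as a conflict because the quoted comments do not say which list wins.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Sample lists using the MAC entries from the task description (comments shortened).
ACCEPT_SAMPLE = """# MAC addresses that are allowed to authenticate
00:11:22:33:44:55
00:66:77:88:99:aa
00:00:22:33:44:55   1
"""
DENY_SAMPLE = """# MAC addresses that are not allowed to authenticate
00:11:22:33:44:55
00:66:77:88:99:aa
"""

def parse_mac_list(text, allow_vlan=False):
    """Return ({mac: vlan_or_None}, [errors]) for one-MAC-per-line text."""
    entries, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment line
        mac = fields[0].lower()
        vlan_ok = allow_vlan and len(fields) == 2 and fields[1].isdecimal()
        if not MAC_RE.match(mac):
            errors.append(f"line {lineno}: invalid MAC {fields[0]!r}")
        elif len(fields) > 1 and not vlan_ok:
            errors.append(f"line {lineno}: unexpected text after MAC")
        elif mac in entries:
            errors.append(f"line {lineno}: duplicate MAC {mac}")
        else:
            entries[mac] = int(fields[1]) if vlan_ok else None
    return entries, errors

def overlap(accept, deny):
    """MACs present in both lists, sorted for stable reporting."""
    return sorted(set(accept) & set(deny))

def acl_decision(mac, macaddr_acl, accept, deny):
    """Apply the macaddr_acl rule as worded in the quoted hostapd comments."""
    mac = mac.lower()
    in_accept, in_deny = mac in accept, mac in deny
    if in_accept and in_deny:
        return "conflict"  # listed in both files: flag it, do not guess
    if macaddr_acl == 0:   # accept unless in deny list
        return "deny" if in_deny else "accept"
    if macaddr_acl == 1:   # deny unless in accept list
        return "accept" if in_accept else "deny"
    if macaddr_acl == 2:   # lists are searched first, then external RADIUS
        return "accept" if in_accept else "deny" if in_deny else "radius"
    raise ValueError(f"unsupported macaddr_acl value: {macaddr_acl}")
```

Run against the two sample files from the description, `overlap()` reports both deny entries, since they also appear in the accept list. A station's MAC address is sent unencrypted and can be changed by the client, so this ACL complements WPA authentication rather than replacing it.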