Posted: Tue Oct 07, 2014 22:34 Post subject: VAP / multiple BSSID count
Hello fellows,
I'm building a little network for my comrades and myself and now I guess I hit a (hopefully only gui based) border.
I'd like to establish a VAP for every user so they/I can change the key without every other user having to reset their wifi settings and also putting everyone into a vlan through that.
But I noticed that on two different routers, E4200 with kingkong build 22200M and RT-N16 with initial flash image SVN14896, mega SVN24160 and mega SVN24461 (so I guess it isn't caused by a specific build), I can only add up to three VAPs.
Is it only a limit enforced by dd-wrt to protect from overusing or maybe a limitation of the broadcom chipsets?
I even tried setting up wl0.4 for testing purposes manually by adding the necessary nvram variables and it shows up in the web gui perfectly fine, but it isn't working. Obviously, the wl0.4 device isn't created, but I wasn't able to do it by myself with ifconfig and wl.
There, I am at my wit's end.
Please tell me that it is possible to add more VAPs, and how. I am quite experienced using the console and linux in general, but dd-wrt keeps me within bounds sometimes.
I'd like to avoid setting up multiple routers to get more than four (RT-N16, because I can add/exchange external antennas without soldering) BSSIDs.
There won't be much traffic on the wifis, mostly phones and tables without ethernet adapters, of course, and I need the VAPs to seperate them into vlans.
Interesting. If there were a limit I never would have guessed it would have been just three. I use the RT-N16 quite often and I'm usually just setting up a "Guest" interface that user's connect to. Definitely get why you want to have a VAP for each user but I wonder if that's "by design" to limit the number of VAPs
If the only goal were to have different passwords/keys for each user, you could use WPA2 Enterprise with FreeRADIUS or any other RADIUS implementation. No need for different VAPs then. Every user could have his own username/password and/or certificate and change that on the RADIUS server if needed.
As VLANs are not very intuitive to configure via GUI or console (at least for me), I have given up on them. And there's also a VID limitation on some(most?) routers. You can only use ID 1-15, not the whole range.
Sorry to dredge up an old thread, but has there been any thought regarding increasing the number of VAPs per band? It's still set at three (four total SSIDs per band) after all these years...
I have more than four VLANs on my network, and would like to be able to access them without having to divide them up among multiple access points.
Posted: Wed Jan 18, 2017 16:18 Post subject: Adding more virtual interfaces
As a follow-on to this, does anyone know what the process might be to manually add additional VAP/BSSIDs? If the GUI isn't going to be modified, I'm curious how to do it by command line.
In the NVRAM, there are quite a few settings for each virtual interface. Obviously, those can be duplicated (with slight modifications) for additional interfaces, but I suspect that won't be enough. Would an additional startup "ifconfig" adding more interfaces also be necessary? What else would be involved?
Posted: Wed Jan 18, 2017 16:26 Post subject: Re: Adding more virtual interfaces
Hey Jonathan,
I was very surprised to get a new reply notification on this topic after the years
Like you, I am still interested in this topic as it would have some use cases where more VAPs are possible.
I didn't try it in more recent versions but as I said in the opening post, I wasn't able to create more by console with nvram and wl / ifconfig. That being said doesn't mean it is impossible, just I wasn't capable.
Sadly, nobody said if it is a driver / chipset / kernel / whatever restriction or if we just didn't take a step.
Last edited by SilverstarX on Wed Jan 18, 2017 18:03; edited 1 time in total
I have to believe it's a firmware/settings issue - I've read elsewhere on the forums that the limit was arbitrarily set by DD-WRT programming, probably to keep the GUI page from getting out of control. Still hoping for a non-multiple-access-point solution.
Joined: 13 Aug 2013 Posts: 6870 Location: Romerike, Norway
Posted: Wed Jan 18, 2017 21:29 Post subject:
A workaround is to have one SSID that is open and without encryption.
After you have connected to the AP, use a VPN client that connect to one VPN server for each VLAN.