VyOS 1.4.x - Some Questions regarding hostapd (wifi AP)

Hi all,

I’m currently evaluate VyOS as an alternative to my current Gentoo installation on a APU2. The most needs were easily possible (did just cost a bit of crawling the Docs). But I have some hazzle with hostapd.

I try to achieve to get multiple SSIDs on a single Wifi-Card. With hostapd itself this is “easy” possible, but i can’t find any Doc on howto do this the VyOS-Way.

I tried creating multiple wireless interfaces with the same physical-device, “iw dev” shows then that there are two AP instances on the physical device, but only one has an SSID.

vyos@fw01# run show configuration commands | grep "wlan1\|wlan2"
set interfaces wireless wlan1 country-code 'de'
set interfaces wireless wlan1 hw-id '<mac_address>'
set interfaces wireless wlan1 mode 'n'
set interfaces wireless wlan1 physical-device 'phy1'
set interfaces wireless wlan1 security wpa mode 'wpa2'
set interfaces wireless wlan1 security wpa passphrase '<psk>'
set interfaces wireless wlan1 ssid 'wlan1'
set interfaces wireless wlan1 type 'access-point'
set interfaces wireless wlan2 country-code 'de'
set interfaces wireless wlan2 physical-device 'phy1'
set interfaces wireless wlan2 security wpa mode 'wpa2'
set interfaces wireless wlan2 security wpa passphrase '<psk>'
set interfaces wireless wlan2 ssid 'wlan2'

vyos@fw01# iw dev
phy#1
        Interface wlan2
                ifindex 13
                wdev 0x100000002
                addr <mac_address_part>:52
                type AP
                txpower 0.00 dBm
        Interface wlan1
                ifindex 6
                wdev 0x100000001
                addr <mac_address_part>:51
                ssid wlan1
                type AP
                channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
                txpower 20.00 dBm
                multicast TXQ:
                        qsz-byt qsz-pkt flows   drops   marks   overlmt hashcol tx-bytes        tx-packets
                        0       0       0       0       0       0       0       0               0

I would expect something like

phy#0
        Interface wifi24_4
                ifindex 16
                wdev 0x2
                addr 02:00:01:af:fe:04
                ssid skynet-iot_2.4GHz
                type AP
                channel 3 (2422 MHz), width: 20 MHz, center1: 2422 MHz
                txpower 20.00 dBm
                multicast TXQ:
                        qsz-byt qsz-pkt flows   drops   marks   overlmt hashcol tx-bytes        tx-packets
                        0       0       1146169 0       0       0       94      261586843               1146170
        Interface wifi24_2
                ifindex 6
                wdev 0x1
                addr 02:00:01:af:fe:02
                ssid skynet (2.4 GHz)
                type AP
                channel 3 (2422 MHz), width: 20 MHz, center1: 2422 MHz
                txpower 20.00 dBm
                multicast TXQ:
                        qsz-byt qsz-pkt flows   drops   marks   overlmt hashcol tx-bytes        tx-packets
                        0       0       114534  0       0       0       88      24307506                114535

The next problem is to get this interfaces into a vlan aware bridge:

vyos@fw01# show
 interfaces {
     bridge br0 {
         enable-vlan
         member {
             interface eth0 {
             }
+            interface wlan1 {
+                native-vlan 2
+            }
...

vyos@fw01# commit

Can not add interface "wlan1" to bridge, VLAN aware cannot be set!

[[interfaces bridge br0]] failed

Any idea what I’m doing wrong here? Thank you

Greetings
Matthias

@fernando @n.fort - can you help mkrsn with this? I assumed to set up multiple SSIDS on a single Wifi card, mkrsh will need to create a sub-interface for each SSID.

Hi Joe,

thank you for the hint. I’ve tested it in the meanwhile. Unfortunately this also won’t work.

[edit]
vyos@fw01# set interfaces wireless wlan0 vif 2 ssid

  Configuration path: interfaces wireless wlan0 vif 2 [ssid] is not valid
      
[edit]
vyos@fw01# set interfaces wireless wlan0 vif 2 
Possible completions:
+  address              IP address
   description          Description
 > dhcp-options         DHCP client settings/options
 > dhcpv6-options       DHCPv6 client settings/options
   disable              Administratively disable interface
   disable-link-detect  Ignore link state changes
   egress-qos           VLAN egress QoS
   ingress-qos          VLAN ingress QoS
 > ip                   IPv4 routing parameters
 > ipv6                 IPv6 routing parameters
   mac                  Media Access Control (MAC) address
 > mirror               Mirror ingress/egress packets
   mtu                  Maximum Transmission Unit (MTU) (default: 1500)
   redirect             Redirect incoming packet to destination
   vrf                  VRF instance name

vyos@fw01# set interfaces wireless wlan0.1 ssid "wlan0.1"

  
  
  Wireless interface must be named wlanN
  Value validation failed
  Set failed

[edit]

I assume it’s currently not possible with VyOS. So I should open a feature request?

Greetings
Matthias

Hi @mkrsn - Thank you for sharing the error message. It seems that there are constraints associated with the naming convention for wireless interfaces and VIFs.

You can give this a try: By adding sub-interface wlan1.1 with the VLAN ID 2 and configured it with the second SSID (wlan2).

set interfaces wireless wlan1 country-code ‘de’
set interfaces wireless wlan1 hw-id ‘<mac_address>’
set interfaces wireless wlan1 mode ‘n’
set interfaces wireless wlan1 physical-device ‘phy1’
set interfaces wireless wlan1 security wpa mode ‘wpa2’
set interfaces wireless wlan1 security wpa passphrase ‘’
set interfaces wireless wlan1 ssid ‘wlan1’
set interfaces wireless wlan1 type ‘access-point’
set interfaces wireless wlan1.1 ssid ‘wlan2’
set interfaces wireless wlan1.1 vlan-id '2

If it doesn’t work, opening a feature request to address this limitation would be a constructive approach.

Best,
Joe

@JoeN @mkrsn

I strongly suggest , open a case on vyos.dev , also , share all the details from you environment. what is means , version , wireless card , drive used or recommend by the vendor . So our developer teams can have an idea what is going wrong . Does wnic support vlans? you can achieved it on Gentoo .