Private pre-shared keys: is it possible to configure hostapd?

I watched a YouTube video made by the apalrd channel titled "One Wifi, multiple networks". The host in this video showed an interesting technique on how to isolate your IoT gadgets into different VLANs but only have one SSID. For security it uses an external RADIUS server to configure unique pre-shared keys per MAC address. He used a MikroTik AP that supports MAC-based RADIUS and a Linux VM with freeradius. In the video he said it looks like OpenWRT is pretty close to supporting this as well. In the comments he told me that if the GUI doesn't support it, the hostapd configuration is where this can be configured on the AP.
I do have an AC86 and two AC68s with Merlin FW. I did SSH into my AC86 and searched for hostapd, but I didn't find anything. Further, I looked at the help on how to add to the configuration via text files, but there was nothing about hostapd there either. When I search here on the forums, hostapd is found in users' log files. So it looks like this is used. I know that Merlin uses some binary blobs, but I thought with this part being open source I should be able to do something. So my question is whether this is something that can be rigged up, or whether, because of proprietary non-open-source blobs, this part is not accessible?


IIRC hostapd isn't used on the "AC" routers, only the AX models. Even there you can't do much with it as it's not intended to be user-configurable. Merlin's firmware doesn't officially support VLANs either so this is probably the wrong way to go. You might have better luck with FreshTomato.


Earlier Asus routers used a proprietary Broadcom service; they don't use hostapd.

I used to use hostapd on my DIY setup when I used an internal card, before upgrading to a WIFI6 AP that's external. It's funny, though, that if you peel back the pretty GUI on most devices you'll find it in use. My AP uses it as well as a mid-level enterprise device. It was kind of shocking to see it in there, though even high-end service provider devices use Linux under the hood and then overlay their custom CLI commands that trigger the underlying command scripts.

You can build your own router / AP out of a PC and use hostapd and all of the other options, since it all runs on Linux anyway. It doesn't take much, and there's a bunch of homebrew posts on the web to get it configured and running. It's been the best option for me since I got sick of dumping money into routers that just get broken by the companies that make them when they push firmware to them. With Linux I have a much more stable option since I pick when to upgrade the kernel and don't get force-fed anything I don't need. Going DIY also allowed me to condense the number of things plugged in to a single box / now two w/ the AP. I rolled in a DVR / NAS / firewall / router / switch / AP / etc. originally. The flexibility of the network side is nice as well, since if you want to upgrade beyond gigabit speeds all you do is slap in a different NIC and change a couple of lines in the interfaces file to match the new interface name. You can also bond / bridge ports together easily to get more bandwidth from your ISP or provide more LAN bandwidth to another device like a NAS.

Starting off, though, it's relatively cheap at around $200 for an SFF PC / NIC with more ports. The sky is the limit for costs, as the only limits are your budget and imagination as to what you want to do with the box.


Thanks, everyone, for your input. I consider this case closed. Because I have one configured as a router and the other two as APs, there is no good solution, because I use the file-sharing and printer-sharing features. So I cannot use the mesh feature with guest SSIDs; I think otherwise this would do what I want.

