What's new

private pre-shared keys, is it possible to configure hostapd

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


New Around Here
I watched a YouTube video made by apalrd channel titled One Wifi, multiple networks...the host in this video showed a interesting technique on how to isolate your IoT gadgets into different VLANS but only have one SSID. For security it uses an external radius server to configure unique pre shared keys per MAC address. He used MikroTik AP that supports MAC based Radius and linux vm with freeradius. In video he said it looks like OpenWRT is pretty close to support this as well. In the comments he told me that if the GUI doesn't support it the hostapd configuration is where this can be configured on the AP.
I do have a AC86 and two AC68 with Merlin FW. I did SSH into my AC86 and searched for hostapd, but I didn't find any thing. Further I looked at the help on how to add to the configuration via text files, but nothing with hostapd there either. When I search here on the forums hostapd is found in users log files. So it looks like this is used. I know that Merlin uses some binery blobs, but I thought with this part being open source I should be able to do something. So my question is if this is something that can be rigged up or because of property non open source blobs this part is not accessible?


Part of the Furniture
IIRC hostapd isn't used on the "AC" routers, only the AX models. Even there you can't do much with it as it's not intended to be user-configurable. Merlin's firmware doesn't officially support VLANs either so this is probably the wrong way to go. You might have better luck with FreshTomato.


Asuswrt-Merlin dev
Earlier Asus routers used a proprietary Broadcom service, they don't use hostapd.

Tech Junky

Very Senior Member

I used to use hostapd on my DIY setup when I used an internal card before upgrading to a WIFI6 AP that's external. It's funny though that if you peel back the pretty GUI on most devices you'll find it un use. My AP uses it as well as a mid level enterprise device it was kind of shocking to see it in there though even high end service provider devices use Linux under the hood and then overlay their custom CLI commands that trigger the underlying command scripts.

You can build your own router / AP out of a PC and use hostapd and all of the other options since it all runs on Linux anyway. Doesn't take much and there's a bunch of homebrew posts on the web to get it configured and running. It's been the best option for me since I got sick of dumping money into routers that just get broken by the companies that make them when they push firmware to them. With Linux I have a much more stable option since I pick when to upgrade the kernel and don't get force fed anything I don't need. Going DIY though also allowed me to condense the umber of things plugged in to a single box / now two w/ the AP. I rolled in a DVR / NAS / firewall / router / switch / AP / etc. originally. The flexibility of the network side though is nice as well since if you want to upgrade beyond gigabit speeds all you do is slap in a different NIC and change a couple of lines in the interfaces file to match the new interface name. You can also bond / bridge ports together easily to get more bandwidth from your ISP or provide more LAN bandwidth to another device like a NAS.

Starting off though it's relatively cheap at around $200 for a SFF PC / NIC with more ports. The sky is the limit though for costs as the only limits are your budget and imagination as to what you want to do with the box.


New Around Here
Thanks, everyone for your input, I consider this case closed. Because I have one configured as a router and the other two as APs there is no good solution because I use file-sharing and printer sharing feature. So I can not use the mesh feature with guest SSIDs, I think otherwise this would do what I want.

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!