# Dynamic VLAN mode; allow RADIUS authentication server to decide which VLAN
# is used for the stations. This information is parsed from following RADIUS
# attributes based on RFC 3580 and RFC 2868: Tunnel-Type (value 13 = VLAN),
# Tunnel-Medium-Type (value 6 = IEEE 802), Tunnel-Private-Group-ID (value
# VLANID as a string). Optionally, the local MAC ACL list (accept_mac_file) can
# be used to set static client MAC address to VLAN ID mapping.
# 0 = disabled (default)
# 1 = option; use default interface if RADIUS server does not include VLAN ID
# 2 = required; reject authentication if RADIUS server does not include VLAN ID
#dynamic_vlan=0
Enterprise Wi-Fi authentication also enables advanced features such asputting users dynamically into a specific VLAN (e.g. separate guest andstaff logins into different IP networks even though being on the sameSSID), and dynamic ACLs
DEFAULT NAS-Port-Type == Wireless-802.11
Tunnel-Type = 13,
Tunnel-Medium-Type = 6,
Tunnel-Private-Group-Id = "700"
wlan0: RADIUS Received 186 bytes from RADIUS server
wlan0: RADIUS Received RADIUS message
wlan0: STA cc:fa:00:x:x:x RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station cc:fa:00:x:x:x
wlan0: STA cc:fa:00:x:x:x RADIUS: VLAN ID 700
VLAN: vlan_add_dynamic(vlan_id=700 ifname=wlan0.#)
wlan0: STA cc:fa:00:x:x:x IEEE 802.11: could not add dynamic VLAN interface for vlan_id=700
wlan0: STA cc:fa:00:x:x:x IEEE 802.1X: decapsulated EAP packet (code=3 id=87 len=4) from RADIUS server: EAP Success
EAP: EAP entering state AAA_RESPONSE
EAP: getId: id=87
EAP: EAP entering state SEND_REQUEST2
EAP: EAP entering state IDLE2
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: cc:fa:00:x:x:x BE_AUTH entering state REQUEST
wlan0: STA cc:fa:00:x:x:x IEEE 802.1X: Sending EAP Packet (identifier 87)
IEEE 802.1X: cc:fa:00:x:x:x - (EAP) retransWhile --> 0
EAP: EAP entering state RETRANSMIT2
EAP: EAP entering state IDLE2
EAP: retransmit timeout 6 seconds (from dynamic back off; retransCount=1)
IEEE 802.1X: cc:fa:00:x:x:x BE_AUTH entering state REQUEST
wlan0: STA cc:fa:00:x:x:x IEEE 802.1X: Sending EAP Packet (identifier 87)
If I understood things correctly the VLAN tagging should happen on the LAN interface, not the WLAN interface.And it tries to do so only it can't create the vlan on the wlan interface.
# Interface where 802.1q tagged packets should appear when a RADIUS server is
# used to determine which VLAN a station is on. hostapd creates a bridge for
# each VLAN. Then hostapd adds a VLAN interface (associated with the interface
# indicated by 'vlan_tagged_interface') and the appropriate wireless interface
# to the bridge.
#vlan_tagged_interface=eth0
Line 975: unknown configuration item 'vlan_tagged_interface'
1 errors found in configuration file '/etc/hostapd.conf'
VLAN: vlan_add_dynamic(vlan_id=700 ifname=vr0.700)
wlan0: STA cc:fa:00:x:x:x IEEE 802.11: could not add dynamic VLAN interface for vlan_id=700
wlan0: STA cc:fa:00:x:x:x IEEE 802.1X: decapsulated EAP packet (code=3 id=87 len=4) from RADIUS server: EAP Success
VLAN: vlan_add_dynamic(vlan_id=700 ifname=vr0)
wlan0: STA cc:fa:00:x:x:x IEEE 802.11: could not add dynamic VLAN interface for vlan_id=700
wlan0: STA cc:fa:00:x:x:x IEEE 802.1X: decapsulated EAP packet (code=3 id=87 len=4) from RADIUS server: EAP Success
This is part of the hostapd(8) (/usr/sbin/hostapd) and net/hostapd (/usr/local/sbin/hostapd) confusion.Code:Line 975: unknown configuration item 'vlan_tagged_interface' 1 errors found in configuration file '/etc/hostapd.conf'
/usr/local/sbin/hostapd
and /usr/sbin/hostapd
have this error.# /usr/local/sbin/hostapd -d /etc/hostapd.conf
Configuration file: /etc/hostapd.conf
ctrl_interface_group=0
Line 975: unknown configuration item 'vlan_tagged_interface'
1 errors found in configuration file '/etc/hostapd.conf'
Failed to set up interface with /etc/hostapd.conf
hostapd_init: free iface 0x2882c000
Failed to initialize interface
# /usr/sbin/hostapd -d /etc/hostapd.conf
Configuration file: /etc/hostapd.conf
ctrl_interface_group=0
Line 975: unknown configuration item 'vlan_tagged_interface'
1 errors found in configuration file '/etc/hostapd.conf'
Failed to set up interface with /etc/hostapd.conf
hostapd_init: free iface 0x28829000
Failed to initialize interface