I am using a pair of Access Points configured with WDS (Master/Client).
Both of them are configured with VLAN support, 802.11x (WPA2-EAP) and radsecproxy which points to a remote freeradius server.
Dynamic VLANs work fine on my Master AP:
Feb 12 07:47:24 gw.home hostapd: wlan1: STA d4:a3:3d:c9:cd:04 IEEE 802.11: authenticated
Feb 12 07:47:24 gw.home hostapd: wlan1: STA d4:a3:3d:c9:cd:04 IEEE 802.11: associated (aid 1)
Feb 12 07:47:24 gw.home hostapd: wlan1: CTRL-EVENT-EAP-STARTED d4:a3:3d:c9:cd:04
Feb 12 07:47:24 gw.home hostapd: wlan1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Feb 12 07:47:25 gw.home radsecproxy[9331]: Access-Accept for user XXXXXX stationid D4-A3-3D-C9-CD-04 from x.x.x.x to 127.0.0.1 (127.0.0.1)
Feb 12 07:47:25 gw.home radsecproxy[9331]: replyh: passing Access-Accept to client 127.0.0.1 (127.0.0.1)
Feb 12 07:47:25 gw.home hostapd: wlan1: STA d4:a3:3d:c9:cd:04 RADIUS: VLAN ID 1
Feb 12 07:47:25 gw.home hostapd: wlan1: CTRL-EVENT-EAP-SUCCESS2 d4:a3:3d:c9:cd:04
Feb 12 07:47:25 gw.home hostapd: wlan1: STA d4:a3:3d:c9:cd:04 WPA: pairwise key handshake completed (RSN)
Feb 12 07:47:25 gw.home hostapd: wlan1: AP-STA-CONNECTED d4:a3:3d:c9:cd:04
Feb 12 07:47:25 gw.home hostapd: wlan1: STA d4:a3:3d:c9:cd:04 RADIUS: starting accounting session 8B795B2AA5CF13EF
Feb 12 07:47:25 gw.home hostapd: wlan1: STA d4:a3:3d:c9:cd:04 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
root@gw:~# brctl show
bridge name bridge id STP enabled interfaces
br-vlan1 7fff.8c3bad4312a9 no eth0.1
wlan0
wlan0.sta1
wlan0.sta2
br-vlan3 7fff.8c3bad4312a8 no eth0.3
On my Client AP I get the following error:
Feb 21 21:03:55 OpenWrt hostapd: wlan0-2: STA d4:a3:3d:c9:cd:04 IEEE 802.11: authenticated
Feb 21 21:03:55 OpenWrt hostapd: wlan0-2: STA d4:a3:3d:c9:cd:04 IEEE 802.11: associated (aid 1)
Feb 21 21:03:55 OpenWrt hostapd: wlan0-2: CTRL-EVENT-EAP-STARTED d4:a3:3d:c9:cd:04
Feb 21 21:03:55 OpenWrt hostapd: wlan0-2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Feb 21 21:03:55 OpenWrt radsecproxy[21219]: replyh: passing Access-Challenge to client 127.0.0.1 (127.0.0.1)
Feb 21 21:03:55 OpenWrt radsecproxy[21219]: replyh: passing Access-Challenge to client 127.0.0.1 (127.0.0.1)
Feb 21 21:03:55 OpenWrt radsecproxy[21219]: replyh: passing Access-Challenge to client 127.0.0.1 (127.0.0.1)
Feb 21 21:03:55 OpenWrt radsecproxy[21219]: replyh: passing Access-Challenge to client 127.0.0.1 (127.0.0.1)
Feb 21 21:03:55 OpenWrt radsecproxy[21219]: replyh: passing Access-Challenge to client 127.0.0.1 (127.0.0.1)
Feb 21 21:03:55 OpenWrt radsecproxy[21219]: replyh: passing Access-Challenge to client 127.0.0.1 (127.0.0.1)
Feb 21 21:03:55 OpenWrt radsecproxy[21219]: replyh: passing Access-Challenge to client 127.0.0.1 (127.0.0.1)
Feb 21 21:03:55 OpenWrt radsecproxy[21219]: Access-Accept for user XXXX D4-A3-3D-C9-CD-04 from x.x.x.x to 127.0.0.1 (127.0.0.1)
Feb 21 21:03:55 OpenWrt radsecproxy[21219]: replyh: passing Access-Accept to client 127.0.0.1 (127.0.0.1)
Feb 21 21:03:55 OpenWrt hostapd: wlan0-2: STA d4:a3:3d:c9:cd:04 RADIUS: Invalid VLAN 1 received from RADIUS server
Feb 21 21:03:55 OpenWrt hostapd: wlan0-2: STA d4:a3:3d:c9:cd:04 IEEE 802.1X: authentication failed - EAP type: 21 (TTLS)
root@OpenWrt:~# brctl show
bridge name bridge id STP enabled interfaces
br-vlan1 7fff.de9fdb035a45 no eth0.1
wlan0-1
wlan0