Distributed Wireless
A bunch of wireless access points running 802.11r in a bridged network, based on Linux, hostapd, etc.
Objectives:
- distributed, redundant, optimised, converged coverage
Hardware:
Raspberry Pi 3B is OK for testing, supporting either spectrum (2.4 or 5.0) in HT mode
SBC with dual concurrent radios to test: Wally’s Communications DR6018 and DR6018-S V02
OS:
DD-WRT (I really should revisit this, but seems like bloatware)
Ubuntu Server for ARM seems like a better option
Build:
apt-get install rfkill hostapd bridge-utils cpufrequtils dnsmasq htop lldpd sshpass wireless-tools
Remove snap from Ubuntu
Netplan
There is no need to add the wlan interfaces to the bridge in netplan; hostapd will do this. The loopback address is a /32 from within the bridge LAN range (Linux is crap at strict routing so this will actually work), and the same loopback address is duplicated on all APs for distributed DHCP, DNSMasq, etc.
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: false
      dhcp6: false
    # shared /32 service address, identical on every AP
    lo:
      match:
        name: lo
      addresses:
        - 192.168.200.251/32
  bridges:
    # per-AP management address; wlan0 is attached by hostapd (bridge=br0)
    br0:
      dhcp4: false
      dhcp6: false
      addresses:
        - 192.168.200.201/24
      gateway4: 192.168.200.250
      interfaces:
        - eth0
Hostapd
country_code=NZ
interface=wlan0
bridge=br0
ssid=ssid here
auth_algs=1
macaddr_acl=0
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=password here
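# FT-PSK enables 802.11r fast transition; WPA-PSK is kept for clients without FT support
wpa_key_mgmt=WPA-PSK FT-PSK
# wpa_pairwise only applies to WPA1 and is unused while wpa=2; RSN clients get CCMP from rsn_pairwise
wpa_pairwise=TKIP
rsn_pairwise=CCMP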
hw_mode=a
wmm_enabled=1
iapp_interface=br0
okc=1
ieee80211n=1
require_ht=1
ht_capab=[MAX-AMSDU-3839][HT40+][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
ieee80211ac=1
require_vht=1
ieee80211d=0
ieee80211h=0
vht_capab=[SHORT-GI-80][SU-BEAMFORMEE]
vht_oper_chwidth=1
channel=36
#vht_oper_centr_freq_seg0_idx=42
disassoc_low_ack=1
multicast_to_unicast=1
#proxy_arp=1
#rssi_reject_assoc_rssi=-75
#rssi_ignore_probe_request=-75
rssi_reject_assoc_timeout=10
mobility_domain=a1b2
nas_identifier=b827eb3b638c
r0_key_lifetime=10000
r1_key_holder=b827eb3b638c
reassociation_deadline=1000
#ft_over_ds=1
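# The key below is a patterned placeholder; replace it with a randomly generated key shared only by the APs in this mobility domain
r0kh=ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff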
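A small lint pass over hostapd settings like the ones above, as an added example that is not part of the original post: it flags a mobility domain without an FT key-management suite, TKIP on an enabled WPA version, repeated keys, and key-holder keys that follow a pattern. The function names, the sample excerpt and the "patterned key" heuristic are assumptions of this example.

```python
import re
# Constructed sample, shaped like the hostapd settings above (not a full config).
SAMPLE = """\
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
ieee80211ac=1
ieee80211ac=1
mobility_domain=a1b2
r0kh=ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff
"""

def parse(text):
    """Return ({key: [values]}, [duplicated keys]); comments are whole lines starting with '#'."""
    settings, dups = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key in settings and key not in ("r0kh", "r1kh"):  # key-holder lines may repeat
            dups.append(key)
        settings.setdefault(key, []).append(value)
    return settings, dups

def patterned(hexkey):
    """True if the key is clearly not random: constant byte step or few distinct bytes."""
    b = bytes.fromhex(hexkey)
    steps = {(y - x) % 256 for x, y in zip(b, b[1:])}
    return len(steps) <= 1 or len(set(b)) < len(b) // 2

def lint(text):
    s, dups = parse(text)
    last = lambda k: s.get(k, [""])[-1]  # hostapd keeps the last value of a repeated key
    findings = [f"duplicate setting: {k}" for k in dups]
    if "mobility_domain" in s and not any(a.startswith("FT-") for a in last("wpa_key_mgmt").split()):
        findings.append("mobility_domain set but wpa_key_mgmt has no FT-* entry: 802.11r not offered")
    wpa = int(last("wpa") or 0)
    rsn = last("rsn_pairwise") or last("wpa_pairwise")  # documented default: wpa_pairwise value
    if wpa & 1 and "TKIP" in last("wpa_pairwise").split():
        findings.append("TKIP offered to WPA1 clients")
    if wpa & 2 and "TKIP" in rsn.split():
        findings.append("TKIP offered to WPA2 clients")
    for entry in s.get("r0kh", []) + s.get("r1kh", []):
        key = entry.split()[-1]
        if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", key) and patterned(key):
            findings.append("key-holder key is patterned, not random")
    return findings

print("\n".join(lint(SAMPLE)))
```

Removing the rsn_pairwise line from the sample makes the TKIP entry in wpa_pairwise apply to WPA2 clients, which the lint reports.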
DNSMasq
port=53
domain-needed
resolv-file=/etc/resolv.dns
strict-order
server=/200.168.192.in-addr.arpa/192.168.200.250
address=/double-click.net/127.0.0.1
ipset=/yahoo.com/google.com/vpn,search
server=192.168.200.250@br0
interface=br0
Things to do
Docker and Openshift Origin
Salt Stack package and configuration management
sshd authentication: allow non-privileged users during startup/shutdown
Pretty sure if I set the radius interface and nas identifier it will control which interface hostapd uses for broadcast
cluster DHCP and DNSMasq if required
Clean up and format this blog
TCP multipath dual ip uplinks
wireless backhaul backup
QoS/WMM
build standard vlan on bridge interface (management lan, user, security etc.)
build multiple SSID to vlan
something like vrf to ensure segmentation of SSID/VLANS
Manage all this via salt.. and look into dbus remote send
move to WPA3 or Radius or something more secure
Zigbee and BT....
Wifi spectrum management (channel management/switching)
RF location services
DHCP PXE boot for future management of zigbee etc.
802.11ac dongle; onboard 5 GHz radio and antenna are weak, switched to 2.4 (g)
Do I
local cluster/bind9 <--> local dnsmasq
local cluster/bind isc-dhcp-server <--> local dnsmasq
Why: bind9 is able to look up the root with no forwarder required, and holds local entries for Windows etc., but dnsmasq gives fast caching. Is it overkill? bind9 is supposed to cache in RAM too, but we want this highly available and fast.
Same for DHCP: fast/redundancy














