
You don't want "unlimited" SSIDs-- you want a RADIUS-assigned VLAN and a single SSID. The credentials used to associate determine which VLAN the traffic dumps into. Your UniFi gear will do it.

Of course, a lot of consumer-grade hardware won't do 802.1x so you end up stuck with needing a bunch of SSIDs (and wasting air-time on beacons).
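An added example, not part of the thread: a check of what a RADIUS Access-Accept must carry for the single-SSID, RADIUS-assigned VLAN setup described in the comment above, using the three RFC 3580 tunnel attributes. The sample packets, VLAN numbers and function names are constructed for illustration, and the authenticator is not verified.

```python
import struct

# Attribute numbers from RFC 2868; the VLAN values are the ones RFC 3580 uses.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802, ACCESS_ACCEPT = 13, 6, 2

def parse_attributes(packet):
    """Yield (type, value) pairs from an Access-Accept, checking every length."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    pos = 20  # 4-byte header plus 16-byte authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attr_len = packet[pos + 1]
        yield packet[pos], packet[pos + 2:pos + attr_len]
        pos += attr_len

def assigned_vlan(packet):
    """Return the VLAN ID the reply assigns, or None if the attribute set is unusable."""
    tunnel_type = medium = vlan = None
    for attr_type, value in parse_attributes(packet):
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            number = int.from_bytes(value[1:], "big")  # value[0] is the tag octet
            if attr_type == TUNNEL_TYPE:
                tunnel_type = number
            else:
                medium = number
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first octet of 0x1F or less is an optional tag, not part of the ID.
            text = value[1:] if value[0] <= 0x1F else value
            vlan = text.decode("ascii", "replace")
    if tunnel_type != TYPE_VLAN or medium != MEDIUM_IEEE_802 or vlan is None:
        return None
    return int(vlan) if vlan.isdigit() and 1 <= int(vlan) <= 4094 else None

def build_accept(attrs):
    """Constructed sample packet with a zeroed authenticator (not a capture)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

VLAN_TYPE = [(64, b"\x00\x00\x00\x0d"), (65, b"\x00\x00\x00\x06")]
IOT_REPLY = build_accept(VLAN_TYPE + [(81, b"30")])         # untagged ID "30"
LAPTOP_REPLY = build_accept(VLAN_TYPE + [(81, b"\x0120")])  # tag 1, ID "20"
NO_VLAN_REPLY = build_accept(VLAN_TYPE)                     # group ID missing

if __name__ == "__main__":
    for name in ("IOT_REPLY", "LAPTOP_REPLY", "NO_VLAN_REPLY"):
        print(name, "->", assigned_vlan(globals()[name]))
```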



> Of course, a lot of consumer-grade hardware won't do 802.1x so you end up stuck with needing a bunch of SSIDs (and wasting air-time on beacons)

Yes, that's why I want more SSIDs. My internal network does use 802.1x, but as you said, few devices outside of laptops support it.


You probably shouldn’t deploy a one-SSID model for your home network.

Not many kernels can separate traffic within a single SSID (even if you did use VLAN, tcpdump on a malicious IoT can still view the traffic).

Better to have four to seven SSIDs, each mapped to a subnet. Make one subnet/SSID for encrypted MAC with laptops.

Cable TV, Smart TV, power-line LAN adapters, smart lightbulbs and webcams should go on a separate SSID/subnet.


Or just one SSID, where you directly put all the Androids, iPhones, IoTs, and similar garbage in addition to your trusted devices connected via an overlay WireGuard network on top in full mesh configuration.

You will not have to trust the potentially outdated wifi firmware, that is quite likely vulnerable to all the latest holes in wifi security.


Wait, so does enterprise wifi just send all VLAN traffic to every device despite a login being assigned to a single VLAN?



