I am setting up an AP and have create virtual wifi interfaces for my 3 different SSIDs. They are children of the master interface.
I don’t want to assign a SSID to the master interface, as I don’t want anyone to connect to it. Is that a valid approach? If so, how do I prevent someone from connecting to the master wifi interface?
If not valid, must I delete and child virtual interface and assign its SSID to the master? Or what’s the right way to do this?
You can not disable master interface and have at the same time the related virtual interfaces active.
You need to move one of the virtual interfaces to master.
Depends on what you want to accomplish. Please explain in a functional way about the SSID's and the desired situation (and not the how).
Just like you configure other virtual interfaces...
With a password?
if i’m not going to use it, why assign a ssid and password? I think holvetn’s anser is right
Yes. You could go one step further, I think and add the wifi master interface to a vLAN which connects to nothing.
If you follow that answer, how does the result improve on rextended’s in security terms? It is worse by giving more people access.
Keep the master, assign a good password and unique address space, allow management access only from that space.
If that security is unimportant, what is really your question?
I never said ssid should not have a passwd.
That's implied.
I’m with the OP: It’s inconvenient not having this level of control, most WiFi systems allow for enabling/disabling SSIDs in a more flexible way. Moving a most-likely-to-be running (E)SSID to master is just a design constraint that exists with these products. If this is not done, then leaving it ‘on’ just to leave it ‘on’ increases the attack surface for no reason and don’t forget the performance impact: there is always overhead to carrying SSIDs on a channel, from management and control frames like beacons, probe responses, etc., which are usually sent at realtively low datarates, so don’t really see the need to absorb this too.
Feel free to do that on different bands, but how do you propose to have virtual interfaces without a functioning primary? In my recollection the primary is sine qua non