I want to add two virtual APs to a wireless interface. One will be a Hotspot and the other for normal access for users that are fulltime customers. Since the real AP will be present in addition to the two virtual APs, is it best just to hide the real AP SSID and add WEP encryption so it can no be accessed? I only want to allow access via the two Virtual APs so that I could disable either if needed.
Yes, hiding the ssid will help. You can also enable the access list for the real ssid and instead of wep you can use WPA/WPA2.
Thanks Uldis 