Is it possible to have a virtual interface to which 60GHz stations can connect to? I want to have a setup where multiple wAPs connect to a single wAP 60x3 and that wAP 60x3 can create a PtP link from itself to any of the stations. However, I noticed in the MikWiki that the station interfaces are created only after they connect. This wouldn’t work for me because I’d have static bindings set up for things like OSPF on those interfaces, and if they are dynamically generated, than that’s not going to work.
The station interfaces are only created after connect, but they are not dynamic, so they will stay there even if the far end goes down.
Is this really true? If so, then what stops someone from making a script that changes the identity of some station and cramming the AP with a long list of dummy interfaces?
I’m afraid I don’t understand your question. Can you clarify?
Let’s say I have an AP and a station. If the AP assigns slave interfaces based on each station, using the MAC to differentiate between them, then the AP will make a new interface for each MAC it sees. The script on the station changes its MAC to some random value every time it connects. The AP, thinking it’s a new station, creates a totally new interface just for it. However, the station disconnects and changes its MAC again and the cycle continues until memory runs out on the AP and you’re left with maybe hundreds of useless slave interfaces.
Yes, that’s probably possible. But why would you keep changing the MAC on the station side to begin with? Presumably you control both sides?
That’s in case someone hacks a station and wants to subtly attack the network.
They could, that’s why I would use a firewall on the devices. As far as I am aware the type of attack you bring up is entirely possible, if the device is not secured properly.
Adding new stations to the list automatically should be made an option. If disabled, only stations already on the list can connect. This could be extended to allow different encryption keys for each station (specified by access list, or RADIUS server).