[spr-alex]

SPR supports receiving VLAN tagged packets over a wired LAN interface today.

Soon we are planning to support an OpenWRT package that will allow people to link up into SPR from lots of APs, provided the AP card supports AP/VLAN mode which is critical for the segmentation.

We have no plan to work more closely with managing RADIUS right now, enterprise wifi authentication is difficult to deploy securely without client-side certificates for authentication. So that makes it less appealing due to our goal of supporting any kind of wifi capable device.

Lastly, SPR does have an upsell feature where we support leaf node APs running SPR that have backhaul into a primary instance.

[nixgeek]

Yeah I already do some combination of MPSK and MAC-based Security on Aruba AP-555 and AP-655 at home with a couple hundred IOT devices, OPNsense and FreeRADIUS. I segment by (vendor, device model) instead of /30 per individual device but that’s more setup convenience than anything (it’d be possible to uniquely dot1q every device, too).

I think SPR looks neat, it’s a more well-packaged version of essentially what I already do (albeit in a kludgey way), hence the curiosity about ambition.