[Chilli] MacAuth failing after wireless drop

David Bird david at coova.com
Thu Apr 29 04:55:09 UTC 2010


Hmm.. Well, specifically, there are DHCP-Discover and DHCP-Request. A
Discover is usually the first packet sent by the subscriber, to which
the DHCP server replies with an Offer. Then the client will confirm
with the Request which should be replied to with an Ack. Yes, some
client devices will start out with a Request (even noting their previous
IP address) and that can be Ack'ed or Nak'ed depending on the DHCP
server. (Note that if Ack'ed here, then there wasn't a Discover packet
that "allocated" the IP). Thus, just doing Mac auth for the Discover
might not be sufficient. Indeed, doing RADIUS for every DHCP request
will mean more RADIUS.. though, I don't think it'll be a problem unless
a machine is going crazy with DHCP from a virus or something. 


On Thu, 2010-04-29 at 10:28 +1000, Jason Allen wrote:
> 
> 
> On 29 April 2010 03:33, Timothy <nzkbuk at gmail.com> wrote:
>         
>         
>         From my experience a DHCP lease is renewed 1/2 way through the
>         lease. So if you have a 60 min lease then it would be renewed
>         every 30 mins.
>         I'm not sure of the exact state machine of most devices but I
>         do know from logs that most laptops try to renew an existing
>         (or previous) IP address. I don't know what embedded devices
>         (such as iPhones etc) do.
>         
> 
> Reallocation and renewal are different types of requests in a dhcp
> lease lifecycle. A renewal request would not require macauth
> processing, whereas - like initial allocation - a reallocation does
> and should.
>  
>         What is the network topology, is coova-chilli running on an
>         access point (such as with openwrt) or have you got a server
>         with 1 or more APs / devices connected via a switch?
>         
> 
> Chilli on an Ubuntu server (VM'd) with 94 APs (DHCP forwarding active)
> across many switches.
>  
>         As for re-authing a session if that would be implemented I
>         know I would prefer it to be a configurable option (or at
>         worst a compile time option). Having EVERY DHCP request turn
>         into a radius request could cause a significant volume of
>         traffic.
>         
> 
> The reauth should only need to be additionally added to the
> reallocation dhcp lease request, which would be a small percentage of
> total dhcp requests.
> 
> -- 
> Cheers,
> Jason
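
The Discover / Request distinction discussed in this thread can be read straight from the DHCP payload using the RFC 2131 field rules. The sketch below is an added example, not code from this thread or from CoovaChilli; the `needs_mac_auth` flag encodes the policy debated above as an assumption (authenticate on Discover and on a Request that reuses a previous IP without a Discover, skip renewals), and `build()` only constructs sample packets. Renew and rebind differ only in unicast versus broadcast delivery, so they are reported together.

```python
import socket
import struct
MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie at offset 236
DISCOVER, REQUEST = 1, 3             # option 53 values (RFC 2132)

def parse_dhcp(pkt):
    """Return (mac, ciaddr, options) from a raw BOOTP/DHCP payload."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    mac = pkt[28:28 + min(pkt[2], 16)].hex(":")
    ciaddr = socket.inet_ntoa(pkt[12:16])
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:      # 255 = end option
        if pkt[i] == 0:                        # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return mac, ciaddr, opts

def classify(pkt):
    """Return (mac, state, needs_mac_auth) using the RFC 2131 field rules."""
    mac, ciaddr, opts = parse_dhcp(pkt)
    mtype = (opts.get(53) or b"\x00")[0]
    if mtype == DISCOVER:
        return mac, "DISCOVER", True
    if mtype != REQUEST:
        return mac, "OTHER", False
    if 54 in opts:                             # server identifier: answers an Offer
        return mac, "SELECTING", False         # assumed authed at the Discover
    if 50 in opts and ciaddr == "0.0.0.0":     # previous IP, no Discover seen
        return mac, "INIT-REBOOT", True
    if ciaddr != "0.0.0.0":                    # lease extension
        return mac, "RENEW/REBIND", False
    return mac, "INVALID", False

def build(mtype, mac, ciaddr="0.0.0.0", requested=None, server=None):
    """Constructed sample packet for this example, not captured traffic."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0)
    hdr += socket.inet_aton(ciaddr) + bytes(12)          # ciaddr + yi/si/giaddr
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    opts = bytes([53, 1, mtype])
    if requested:
        opts += bytes([50, 4]) + socket.inet_aton(requested)
    if server:
        opts += bytes([54, 4]) + socket.inet_aton(server)
    return hdr + MAGIC + opts + b"\xff"
```

All of these fields are supplied by the client, so the classification decides when to ask RADIUS, not whether the MAC is genuine.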