chilli features...

Gunther Mayer gunther.mayer at
Fri Dec 28 12:54:53 UTC 2007

wlan at wrote:
> Hello all,
> I have some ideas for new chilli features and wanted to run them by 
> the mailing list and ask for comments.
> Right now, when you use MAC authentication, if an access-reject is 
> returned, the user will still get assigned an IP address and will then 
> be given the captive portal. This is good as a way to have certain 
> devices bypass the captive portal. But, it would also be nice to use 
> MAC authentication as a way to manage blocked devices. I'm considering 
> an option which will have chilli drop all traffic from clients that 
> get an access-reject during mac authentication. When clients are in 
> the 'drop' state, all traffic from them is ignored.
We have considered this as well, though I think it's better do manage 
blocked devices based on a MAC blacklist in the radius backend. 
Otherwise those people whose MAC authentication legitimately fails (e.g. 
because they haven't registered theirs yet through some sort of web 
frontend) get blocked permanently.

More information about the Chilli mailing list