chilli features...
Gunther Mayer
gunther.mayer at googlemail.com
Fri Dec 28 12:54:53 UTC 2007
wlan at mac.com wrote:
> Hello all,
>
> I have some ideas for new chilli features and wanted to run them by
> the mailing list and ask for comments.
>
> Right now, when you use MAC authentication, if an access-reject is
> returned, the user will still get assigned an IP address and will then
> be given the captive portal. This is good as a way to have certain
> devices bypass the captive portal. But, it would also be nice to use
> MAC authentication as a way to manage blocked devices. I'm considering
> an option which will have chilli drop all traffic from clients that
> get an access-reject during mac authentication. When clients are in
> the 'drop' state, all traffic from them is ignored.
We have considered this as well, though I think it's better to manage
blocked devices based on a MAC blacklist in the radius backend.
Otherwise those people whose MAC authentication legitimately fails (e.g.
because they haven't registered theirs yet through some sort of web
frontend) get blocked permanently.
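
The distinction drawn in this reply, sketched as an added example (not code from Chilli or from either poster): a hypothetical backend policy check that sends only blacklisted MACs to the drop state, while MACs that are merely unregistered still reach the captive portal. The names `decide`, `Decision`, `normalize_mac`, the two sets and all MAC values are constructed for illustration; how a drop decision would be signalled to chilli is not specified in the thread.

```python
import re
from enum import Enum


class Decision(Enum):
    BYPASS = "accept: device skips the captive portal"
    PORTAL = "reject: device still gets an IP and the captive portal"
    DROP = "blocked: all traffic from the device is ignored"


HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(raw):
    """Canonicalize a MAC to 12 lowercase hex digits, or raise ValueError.

    Without this, 00-AA-BB-CC-DD-EE and 00:aa:bb:cc:dd:ee would be
    different keys and a blacklist entry could silently fail to match.
    """
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    if not HEX12.fullmatch(digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits


def decide(raw_mac, blacklist, registered):
    """Three-way policy: blacklisted, registered, or simply unknown."""
    try:
        mac = normalize_mac(raw_mac)
    except ValueError:
        # Assumption: a malformed identifier is never treated as registered.
        return Decision.PORTAL
    if mac in blacklist:
        # The blacklist wins even if the device was registered earlier.
        return Decision.DROP
    if mac in registered:
        return Decision.BYPASS
    # Unknown MAC: authentication fails, but the user can still register.
    return Decision.PORTAL


# Constructed sample data, not taken from the thread.
BLACKLIST = {normalize_mac(m) for m in ["00:11:22:33:44:55"]}
REGISTERED = {normalize_mac(m) for m in ["00-AA-BB-CC-DD-EE", "00:11:22:33:44:55"]}

if __name__ == "__main__":
    for sample in ["00-11-22-33-44-55", "00aa.bbcc.ddee", "02:00:00:00:00:01"]:
        print(sample, "->", decide(sample, BLACKLIST, REGISTERED).name)
```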