Mon Feb 11 06:09:50 UTC 2008

> Again, Chilli does not enforce this message, it just listens for  
> it. And only Chilli. So why would a developer configure his RADIUS  
> to send this message along with the response, when there is no  
> Chilli in use??

Yes, but since your logic is coming from the RADIUS server, and this  
RADIUS server MAY be provisioning for more than just Chilli powered  
access controllers (or, indeed, unknown A/Cs in a roaming context), I  
don't think the feature should interfere with these situations.

> Peter Nixon (10.02.2008):
>> The other option of course is to use a radius accept with a VSA  
>> that says to
>> drop all traffic...
> While I'm not against using a VSA per se, sending an Access-Accept  
> although I don't want to hear anything from that MAC address again  
> anytime soon is really not what an Access-Accept response is  
> intended to be. Why misemploy this mechanism? Green means go, red  
> means stop. Additional information comes with a (vendor specific)  
> attribute.

This is what I mean by working with RFC compliant gear/software. The  
feature should be kept (if possible) within the RADIUS RFC, but not  
at the cost of it working horribly wrong with other RFC compliant  
devices not supporting the feature...

