list.coovachilli at mac.com
Mon Feb 11 09:33:04 UTC 2008
wlan at mac.com (11.02.2008):
>> Peter Nixon (10.02.2008):
>>> The other option of course is to use a radius accept with a VSA
>>> that says to
>>> drop all traffic...
>> While I'm not against using a VSA per se, sending an Access-Accept
>> although I don't want to hear anything from that MAC address again
>> anytime soon is really not what an Access-Accept response is
>> intended to be. Why misemploy this mechanism? Green means go, red
>> means stop. Additional information comes with an (vendor specific)
> This is what I mean by working with RFC compliant gear/software. The
> feature should be kept (if possible) within the RADIUS RFC, but not
> at the cost of it working horribly wrong with other RFC compliant
> devices not supporting the feature...
Yes, I understand your concern. I'll be happy implementing this
feature with a VSA.
I guess there are no RADIUS servers out there, which enforce RFC
compliance and wouldn't allow VSAs in an Access-Reject response? I
know FreeRADIUS would play along due to its high grade of
Do you plan to make the "droptimeout" parameter configurable via RADIUS?
More information about the Chilli