[Chilli] Fixed IP addresses for APs and DHCP for clients
David Bird
david at coova.com
Sun Jan 10 06:52:26 UTC 2010
Hi Felipe,
It sounds like your APs will be in bridge mode?
Either way, it isn't obvious really what solution is the "right" one.
Changes are, you could have some options how you set it up.
If you are going to use Framed-IP-Address in MAC auth, then you will
also need the option (in chilli 1.2.0) --strictmacauth ... this option
was added to keep chilli doing what it does now: when DHCP request comes
in, the first one is ignored while RADIUS is performed for MAC
authentication. The DHCP is ignored, because chilli *might* learn of the
correct IP to return from RADIUS. This, however, makes all clients
connect a bit slower... as they all have to reissue a DHCP request after
a timeout. Chilli was changed per default to just return the DHCP reply
without waiting (MAC auth still happens, just after the client has an
IP, which means Framed-IP-Address in MAC auth now requires the new
option).
I hope this is clear.
David
On Fri, 2010-01-08 at 19:41 -0200, Felipe Augusto van de Wiel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi,
>
> First of all, thanks for all your great work with
> Coova Chilli, it is a great solution for managing Wi-Fi
> Hot Spots. :-)
>
> When I first deployed it where I work I was
> thinking about using ISC DHCP (at that time, it was not
> clear to me how Coova works). The idea was to provide,
> from DHCP, the IP address for the APs, that way they
> will have a "fixed IP", but once we need to change the
> range we could do it remotely and automatically.
>
> In other words, I would like to have a static
> IP range that DHCP will send to the access points and
> a dynamic IP range that DHCP will send to the clients,
> but those ranges don't necessarily have to be a full
> subnet like /25 or /28. The APs don't necessarily have
> to access the Internet, we just need to access them to
> check radio settings and config options.
>
> With this message, I'm searching for some
> orientation on the best approach to deal with the IPs.
> - From the documentation and forums I had the impression
> that there are three possible approaches to achieve
> the above described scenario.
>
> 1) Use dynip and statip config options
> 2) Use macallowed and Framed-IP-Address
> 3) Use macauth and Framed-IP-Address
>
>
> I think (2) would be the easiest to maintain
> when we need to add more APs and would not waste IPs
> from a subnet, since it is a moderately large change,
> I'm checking with the list before trying to deploy it.
>
> Any comments, recommendations, considerations?
> And of course, it would be great if somebody just write
> to say: "hey, that's exactly the way to go". :-)
>
>
> Kind regards,
> - --
> Felipe Augusto van de Wiel <felipe.wiel at hpp.org.br>
> Tecnologia da Informação (TI) - Complexo Pequeno Príncipe
> http://www.pequenoprincipe.org.br/ T: +55 41 3310 1747
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBCgAGBQJLR6adAAoJECCPPxLgxLxPDN8QAIc0KcZRu0r9ZwFVwOqXJZWy
> n+wTLdsCBh5+yLxyKSst4NwncQn9fCc3yvKI6rdw+tbxbtiRmGR9KtnktUYb0RmC
> 7y+BElij+8J6IsyU1jLRSCdyzR1pA3s6+oSRpv6UmUg791oPKkoVOtovdoU/ZsH4
> R4+ntQempP3knLtX3IFvUrmHeAkA6W8mP2zdkf8CG/dT9VNZuj7G7/B9sgGhr6tQ
> yX5Gih8jSgSonHNcdk505udIp712Midr4fcxcTwIhN+bteu8X6RKtE5GgjwW6Aoc
> NZLywOma0qP95ugF5WoaOGrSe+CjZIhVeIrjwEr8sipl71+rPLqF1zGZhJPIyhU/
> r6ZDdvnHsQJStooOM/VdLEOPW11UmZRg3hnXxv+2fklVbtLssmOezEnkrjv67q9h
> n5Ki/C+Pk7XP6RwupkTh/bqrK82344fPqQmNrL65OshKpAo8w8tcS9yIYDA/pgse
> lLe3vJCMxcDiFZkzIREY86XitLA5v2n6l/LYmJn84qZ5YF01JIdJ6PCQ1xC6Nrua
> v4dTKBtKo206ux0vfCtH0SkT50NzVDlP8+0l9Pta/bLoj8QzJo0Y+yQCK0Xjzazh
> Bd32gVgGRDUdU+j9lss4JBBZnmg5qJ/st4WcgH8YyRnn/Xo7Y0zMhGYaBd+juvPM
> OclHdnBgibOValKmIOk5
> =Hfwq
> -----END PGP SIGNATURE-----
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
More information about the Chilli
mailing list