[Chilli] Fixed IP addresses for APs and DHCP for clients

Felipe Augusto van de Wiel felipe.wiel at hpp.org.br
Tue Jan 12 23:49:39 UTC 2010

Hash: SHA512

On 11-01-2010 18:57, Felipe Augusto van de Wiel wrote:
> 	If I understood correctly, when I opt for
> macauth the MAC addresses are used as users for RADIUS
> and that is not what I want based on the previous
> scenario, considering that I didn't like to waste some
> address because of the range allocation (statip/dynip)
> I'm inclined to use macallowed, that will mix the fixed
> IP addresses with the single user web auth, and
> eventually, if the company decides to auth more users
> or limit some of them, the "mixed" solution still work.
> Does it sound like a good plan? (At least until the
> new options similar to ethers come to production).

	I choose the Framed-IP-Address option, I'm not
using 1.2.0 right, but I'm willing to upgrade, specially
to the new version with the --ethers option.

	But my configuration is not yet working. :-(

	Here is the relevant part of my /etc/chilli/config:

HS_WANIF=eth1              # WAN Interface toward the Internet
HS_LANIF=eth0              # Subscriber Interface for client devices
HS_NETWORK=    # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=   # HotSpot Network Netmask
HS_UAMLISTEN=  # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990            # HotSpot Port (on subscriber network)
HS_TCP_PORTS="22 80 443"

	Since some options seems to not be handled by the
config file, I added them into local.conf and I know,
macallowed is handled by config, but for some reason the
version of MAC address without "-" was not working with
FreeRADIUS (I just changed the final two hexas of MACs).

dhcpstart 11
dhcpend 250
macallowed 00-0F-CB-FC-AA-AA
macallowed 00-0F-CB-FC-AA-AB
macallowed 00-18-6E-C3-AA-AC
macallowed 00-0F-CB-FD-AA-AD
macallowed 00-0F-CB-FF-AA-AE
macallowed 00-0F-CB-FC-AA-AF
macallowed 00-18-6E-C4-AA-BA
macallowed 00-23-6C-D6-AA-BB
macpasswd password
lease 3600

	In /etc/freeradius/users I have entries like this:

"00-0F-CB-FC-AA-AA"     Cleartext-Password := "password"
                Service-Type = Framed-User,
                Framed-IP-Address =,
                Framed-IP-Netmask =

	When I restart the AP with that MAC address I see
this in the logs:

Tue Jan 12 21:35:09 2010 : Auth: Login OK: [00-0F-CB-FC-AA-AA/password] (from client localhost port 7 cli 00-0F-CB-FC-AA-AA)

Jan 12 21:35:09 host coova-chilli[20319]: chilli.c: 3007: New DHCP request from MAC=00-0F-CB-FC-AA-AA
Jan 12 21:35:21 host coova-chilli[20319]: chilli.c: 3138: DHCP addr released by MAC=00-0F-CB-FC-AA-AA IP=

	The released message seems wrong to me, and indeed,
I can't ping the access point after that, just for some
seconds. :-(

	Is something I'm doing horribly wrong?

Kind regards,
- -- 
Felipe Augusto van de Wiel <felipe.wiel at hpp.org.br>
Tecnologia da Informação (TI) - Complexo Pequeno Príncipe
http://www.pequenoprincipe.org.br/    T: +55 41 3310 1747
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the Chilli mailing list