[Chilli] multi tenant clarification

David Bird dbird at google.com
Mon Aug 25 16:09:41 UTC 2014


You can use the conup/condown scripts to insert iptables rules when a
session is authorized and de-authorized.


On Sat, Aug 23, 2014 at 5:31 AM, Nestor A. Diaz <nestor at tiendalinux.com>
wrote:

> Hello People,
>
> When it comes to multi tenant configuration, what is the most sane
> approach according to your experience ?
>
> I will like to set up things 'the easy way' for the people to connect.
>
> We have groups 'A' and 'B'.
>
> Group A should have access to a high quality gateway
> Group B should have access to a medium/bad quality gateway
>
> One way is to setup an access point with virtual SSID associated to a
> VLAN and have a dedicated coovachilli service on each vlan (let's assume
> coovachilli running on a central server) then problem solved (I think!).
>
> But I was wondering if coovachilli support some kind of iptables mark
> support, let me explain:
>
> I would like have just one ssid and just one coovachilli and do
> username/password authentication then the radius server respond with an
> additional attribute (the group they belong: being it 'A' or 'B') and
> according to that chilli will mark the packets comming from the client,
> this way at the kernel level I can choose the default outside gateway
> for a client.
>
> Is that possible ?
>
> Regards,
>
> --
> Nestor A Diaz
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20140825/a97f1657/attachment.html>


More information about the Chilli mailing list