[ previous ] [ next ] [ threads ]
 
 From:  "Lloyd Palfrey" <Lloyd at wsufftrust dot org dot uk>
 To:  "Lee Sharp" <leesharp at hal dash pc dot org>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Captive Portal
 Date:  Wed, 22 Nov 2006 09:16:55 -0000
I have 22 access points. M0n0wall is the gateway with a captive portal
on it. Radius mac address authentication. DHCP.

I've had a look at 00:12:f0:ca:d0:71's laptop and it all seems good. It
seems to me that 00:12:17:a9:9c:80 is stealing the IP address from
00:12:f0:ca:d0:71. However 00:12:17:a9:9c:80 shows up in Captive Portal
status and shows traffic.. Which is odd as there is no way that
00:12:17:a9:9c:80 can authenticate as it doesn't have an account.

I've added 00:12:17:a9:9c:80 to the MAC address filter on the access
points. This seems to have solved the problem. However there must be a
bug somewhere... How else could 00:12:17:a9:9c:80 authenticate to the
CP.

- Lloyd

-----Original Message-----
From: Lee Sharp [mailto:leesharp at hal dash pc dot org] 
Sent: 21 November 2006 19:08
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Captive Portal

From: "Lloyd Palfrey" <Lloyd at wsufftrust dot org dot uk>

> I am using MAC address RADIUS authentication for captive portal and I 
> keep getting the following in the logs.

> Nov 21 11:22:38 /kernel: arp: 172.16.3.175 moved from 
> 00:12:f0:ca:d0:71 to 00:12:17:a9:9c:80 on sis0

> 00:12:17:a9:9c:80 Doesn't exist in the radius server.

> Anyone got any suggestions?

> Many Thanks

First, what is your topology?  Do you have things behind APs that use
the APs MAC?  Could you have a user "borrowing" IP addresses?  Could a
given user be swapping NICs?

                                Lee 


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch



Disclaimer - November 22, 2006 
This email and any files transmitted with it are confidential and intended solely for Lee
Sharp,m0n0wall at lists dot m0n0 dot ch. If you are not the named addressee you should not disseminate,
distribute, copy or alter this email. Any views or opinions presented in this email are solely those
of the author and might not represent those of West Suffolk Hospital. Warning: Although we've has
taken reasonable precautions to ensure no viruses are present in this email, we cannot accept
responsibility for any loss or damage arising from the use of this email or attachments.