Check Chillispot-VLAN-Id

Stuart Baggs stuart at
Tue Nov 5 08:43:47 CET 2013

Hi All

First post from a longtime reader / free radius user. We have CoovaChilli (a Wi-Fi captive portal program) tied together with FreeRadius for AAA. When an access request is sent to FreeRadius, Coova-Chill sends an attribute called Chillispot-VLAN-Id. What I’d like to do is check this attribute at the time of user login and make sure they’re allowed to be on a certain VLAN.

I was thinking of having a custom check attribute in the radgroupreply table with something like Permitted-VLANS := 1,2,3,4

All I need free radius to do is ignore the check if there is not Permitted-VLANS attribute for that user or, if specified, make sure Chillispot-VLAN-Id is contained within Permitted-VLANS.

We do this to stop users in certain locations from gaining access. Traditional huntgroups won’t work for us as we’re using a single NAS for all areas.

Thanks in advance


More information about the Freeradius-Users mailing list