5 Client States - nodogsplash/nodogsplash GitHub Wiki

A client can have one of 4 states

• authenticated
• preauthenticated
• blocked
• trusted

A client is determed by the MAC address. So every MAC address maps to an client entry. These states are also used by the firewall to mark all the packets of a client.

authenticated and preauthenticated

There are two main states in nodogsplash - authenticated and preauthenticated. Most clients fall into these 2 states.

When the Captive Portal Detection (CPD) of a new client makes a port 80 request, it is preauthenticated.

When the client successfully "logs in" its state changes to authenticated.

blocked and trusted

There's also blocked and trusted which are uncommon. An admin must add a client's MAC to the configuration file or assign it on runtime. Neither a blocked client nor a trusted will change their state on it's own.

blocked means no internet at all for the clients. trusted means it gets direct internet without any splashpage.

How can a client get deauthenticated?

• admin used ndsctl utility to manual deauthenticate the user
• client was idle for the idle timeout interval
• client was connected for the force timeout interval
• client itself used the deauthenticate url
• NDS was restarted