Greetings, I hope you all had a wonderful Christmas holidays! So I continued my work this morning. It looks like it can authenticate the devices (with the certain MAC address pattern) however from the Radius -X output (which I attached here) it doesn't seem to authenticate it the way I want it. Let me repeat my logic here: if the MAC addresses match the pattern, use the User-Name (or Calling-station-ID, since I "rewrite" it to be the same as the User-name) and the password (which is made to be the same as the User-name as well) to authenticate the device. However it looks like my "if" conditions are all matched during the process however they all returned "noop" instead of updating the information I wanted it to. Here are the configurations I made in the policy.conf and /sites-avaliable/default files Policy.conf: policy { ... rewrite_calling_station_id { if(request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) { update request { Calling-Station-Id := "00a008%{1}%{2}%{3}" } } else { noop } } } Default: authorize { ... rewrite_calling_station_id if((Service-Type == 'Call-Check') && (User-Name =~ /^%{Calling-Station-ID}$/i)){ update control { Auth-Type = 'Auth-NHSTB' } } } authenticate { ... Auth-Type Auth-NHSTB { if(Chap-Password){ update control { Cleartext-Password := "%{User-Name}" } chap } else{ ok } } } It seems to me that the last "ok" authenticated the device, instead of using "chap" and the "Cleartext-Password" that I assigned. Any ideas? Thank you! Guest-tek, Difan Zhao difan.zhao@guest-tek.com www.guest-tek.com Office: 403-509-1010 ext 3048 Cell: 403-689-7514