As an example for setting used http://wiki.freeradius.org/guide/Mac%20Auth (on FreeRADIUS 2.1.12 it configuration works very well) my policy.conf ....... mac-addr = ([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[ ^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2}) rewrite.called_station_id { if((Called-Station-Id) && "%{Called-Station-Id}" =~ /^%{config:policy.mac-addr}(:(.+))?$/i) { update request { Called-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}" } if ("%{8}") { update request { Called-Station-Id := "%{Called-Station-Id}:%{8}" } } updated } else { noop } } rewrite.calling_station_id { if((Calling-Station-Id) && "%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i) { update request { Calling-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}" } updated } else { noop } } # host-name = host\/[0-9a-f]*\.ww[0-9]{3}\.siemens\.net rewrite.host_name { # if((User-Name) && "%{User-Name}" =~ /^%{config:policy.host-name}$/i) { update request { Tmp-String-0 := "%{tolower:%{User-Name}}" } # } # else { # noop # } } ........ section in conf. file virtual server ....... authorize { preprocess if (!EAP-Message) { rewrite.calling_station_id authorized_mac if ( ok ) { update control { Auth-Type := Accept } } else { reject } } elsif ( (User-Name == "OpenStagePhone") || (User-Name =~ /^001a/) || (User-Name =~ /^0004/) ) { eap } else { rewrite.host_name authorized_name if (ok) { eap } else { reject } } } authenticate { eap authorized_mac } session { } post-auth { if ( (User-Name == "OpenStagePhone") || (User-Name =~ /^001a/) || (User-Name =~ /^0004/) ) { update reply { Cisco-AVPair := "device-traffic-class=voice" } } Post-Auth-Type REJECT { attr_filter.access_reject } } } Add question: tolower this modul similarly rlm-eap or or the structure of the language of programming?