misconfigured adsl modems hammering my freeradius
Hello, we are using freeradius (with mysql backend) in an isp environment for authentication and accounting of adsl modems. Some of these modems are misconfigured with a wrong password and try to authenticate every 5 secs or so, so i was wondering if there is a simple way to tell radius not to do a lookup every 5 secs for these particular modems... As the number of modems is growing, it seems that these misconfigured modems are putting more and more strain on the radius..... Any advice greatly appreciated, Tom
Tom De Wispelaere wrote:
we are using freeradius (with mysql backend) in an isp environment for authentication and accounting of adsl modems. Some of these modems are misconfigured with a wrong password and try to authenticate every 5 secs or so, so i was wondering if there is a simple way to tell radius not to do a lookup every 5 secs for these particular modems...
Don't list them in clients.conf? Use rlm_passwd to put them into a group, and send an Access-Reject early in the authentication session. See "man rlm_passwd" and the FAQ. Alan DeKok.
Alan DeKok wrote:
Tom De Wispelaere wrote:
we are using freeradius (with mysql backend) in an isp environment for authentication and accounting of adsl modems. Some of these modems are misconfigured with a wrong password and try to authenticate every 5 secs or so, so i was wondering if there is a simple way to tell radius not to do a lookup every 5 secs for these particular modems...
Don't list them in clients.conf?
Use rlm_passwd to put them into a group, and send an Access-Reject early in the authentication session. See "man rlm_passwd" and the FAQ.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Or allow them access, but apply a 'deny any any' access list. Keeps them quiet till they fix or reset the modem. Eddie
participants (3)
-
Alan DeKok -
Eddie Stassen -
Tom De Wispelaere