Cisco Aironet Access-Reject messages

David Smith david.smith at
Sat Apr 29 20:22:50 CEST 2006

Hi there,
I'm trying to use FreeRadius 1.1.1 to authenticate MAC addresses from a
Cisco Aironet 1231 wireless access point.
I have the perl module working, and it can compare a MAC address sent by the
access point and return the Access-Accept message and the access point is
all happy. This is done using the "return RLM_MODULE_OK" message.
However, returning an Access-Reject message ("return RLM_MODULE_REJECT")
just makes the access point continually keep sending Access-Request messages
every time a Access-Reject message is returned. Is this normal? I can't see
What I'm wanting to do is tell the access point that this MAC address is not
valid, go away until it connects again...
Here is the Access-Reject message that I return:

rad_recv: Access-Request packet from host, id=166,
        User-Name = "009096beba0c"
        User-Password = "009096beba0c"
        Called-Station-Id = "0014.693c.6250"
        Calling-Station-Id = "0090.96be.ba0c"
        Service-Type = Login-User
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 665
        NAS-IP-Address =
        NAS-Identifier = "ap1"
perl_pool: item 0x97a51b0 asigned new request. Handled so far: 3
found interpetator at address 0x97a51b0
rlm_perl: RAD_REQUEST: NAS-Port-Type = Wireless-802.11
rlm_perl: RAD_REQUEST: Service-Type = Login-User
rlm_perl: RAD_REQUEST: Calling-Station-Id = 0090.96be.ba0c
rlm_perl: RAD_REQUEST: Called-Station-Id = 0014.693c.6250
rlm_perl: RAD_REQUEST: Client-IP-Address =
rlm_perl: RAD_REQUEST: User-Name = 009096beba0c
rlm_perl: RAD_REQUEST: NAS-Identifier = ap1
rlm_perl: RAD_REQUEST: User-Password = 009096beba0c
rlm_perl: RAD_REQUEST: NAS-Port = 665
rlm_perl: RAD_REQUEST: NAS-IP-Address =
rlm_perl: Added pair Password-Retry = 0
rlm_perl: Added pair Reply-Message = Sorry, no authentication
perl_pool total/active/spare [3/0/3]
Unreserve perl at address 0x97a51b0
Sending Access-Reject of id 166 to port 1645
        Reply-Message = "Sorry, no authentication"

As you can see, i've added the Password-Retry option, but to no avail...
Can anyone shed any light on this?
Dave Smith
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list