Error: Ignoring request from unknown client IP:1645

Walt Reynolds waltr at
Tue Feb 13 13:23:45 CET 2007

I had the problem before and it was because in the clients.conf file I 
had written clients (with an s) and not client.

> Message: 1
> Date: Tue, 13 Feb 2007 12:13:08 +0100
> From: Davide Molteni <d.molteni at>
> Subject: Re: Error: Ignoring request from unknown client IP:1645
> To: freeradius list <freeradius-users at>
> Message-ID: <1171365188.6512.39.camel at PRT-TOSHIBA>
> Content-Type: text/plain
> I'm very sorry Alan for replying to your own email address and not on
> the list. Here it is
> Il giorno lun, 12/02/2007 alle 13.35 +0100, Alan DeKok ha scritto:
>> Davide Molteni wrote:
>>> On the cisco I configured:
>>> radius-server host ipmyradius auth-port 1812 acct-port 1813
>>> and the other aaa commands needed
>>> If I look at the radius.log file I always see
>>> Error: Ignoring request from unknown client ipmycisco:1645
>>   Did you configure the server to have that IP in "clients.conf"?
> Sure! With the IP and the same shared key as the cisco NAS client
>>> The Cisco router keeps always trying to connect to radius using port
>>> 1645 even if I specified to use 1812...
>>   That's a bug in the Cisco router.
> Yea but is this a problem for freeradius to properly work? I need to set
> freeradius to listen on 1645 in radiusd.conf? Or I need to change it
> in /etc/services ?
>>> I have tried to configure radius
>>> server to listen on port 1645 but is the same. 
>>   Listening on port 1645 won't make the server believe that
> "ipmycisco"
>> is a known client.
> Well I know this very well in fact, the client that is ignored is
> properly configured in clients.conf
>>> The microsoft radius integration(server 2003) worked at first try
> with
>>> this cisco config...
>>   Really.  Did you configure the Cisco box as a client in the MS
>> server?
> Yes, sure I had to put in the ms radius the cisco box as a client
> otherwise it wouldn't work...
> Please notice that I would like to use this radius for simple PAP ONLY.
> Maybe I'm doing something wrong with users file?
> Please tell me the right way to configure a single test user for PAP
> only. I would like to disable unused modules (ldap,mysql...)
> It couldn't be a problem of authentication method?
> I forgot an important element to tell anyone wants to help.
> I tried to change the shared key on one side (radius) and noticed that
> log file continue to write again the same error
> Ignoring request from unknown client IP:1645
> So the issue it's due to the fact that cisco client don't exchange
> shared key with radius...
> This can halp to focus better the problem?
> thanks in advance

Walt Reynolds
Principle Systems Security Development Engineer
Information Technology Central Services
University of Michigan
(734) 615-9438

More information about the Freeradius-Users mailing list