Accept users that not define

Fajar A. Nugraha list at
Mon Apr 1 02:19:41 CEST 2013

On Fri, Mar 29, 2013 at 11:20 PM, Mehdi Ravanbakhsh <babakco at>wrote:

> Dear Fajar
> thanks for your replay
> I have about 300 request per second in my router , so i should accept
> all incoming connection , but if user not define or should be rejected
> i should change IP pool to user can not access to internet and just
> redirect to help paje.
> in all section i change or rewrite policy to not reject the and just
> change ip pool but if user not define what should i do ?
IIRC routers with 802.1x should have settings to assign users to default,
restricted vlan when they're haven't authenticated yet. I suggest you look
into this one first.

As for radius side, you need to make sure that your users ONLY use PAP or
TTLS/PAP. If you can enforce that, then you can accept all users regardless
of their user/password combination.

However usually (e.g. when majority of your users use Windows and its
built-in supplicant) you'd also need EAP-PEAP-MSCHAPv2, in which case
there's no way to do what you want.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list