Reject Mac Address

Alan DeKok aland at
Wed Mar 12 15:38:06 CET 2014

Khapare Joshi wrote:
> I have list of MAC address which I want to reject. So the question is
> how do I tell freeradius server  to the file rejectmacaddres.txt file 
> which has banned mac addresses ?

  See "man rlm_passwd".  It can be configured to read data from a text file.

  You probably want something like:

passwd rejectmac {
	filename = ${confdir}/rejectmacaddress.txt
	delimiter = ,
	format = "*Calling-Station-Id"

  Which looks up the Calling-Station-Id in the file.  The contents of
the file MUST be MAC addresses in the SAME format as you see in the
Calling-Station-ID attribute when you read "radiusd -X".

  Then in the "authorize" section, do:

authorize {

	if (ok) {


  That says "look up the Calling-Station-Id in the file.  If it's found,
reject the user".

  Alan DeKok.

More information about the Freeradius-Users mailing list