01-26-2007 07:05 AM - edited 07-03-2021 01:32 PM
I have a group of 1200 series APs deployed in a school using MAC authentication and WEP. The MAC addresses are authenticated by a FreeRADIUS server. I'm having an issue with students attempting to connect personal laptop PCs to the APs. These repeated attempts are wreaking havoc with my logs.
Is there a way to get the AP to simply ignore Auth requests from a client after a set number of failed attempts?
I'm thinking the command
aaa authentication attempts login
will limit the number of attempts, but I am not sure if the set value will apply to each client or to all clients, i.e. if I set the value to 10, does each client get 10 tries, or is the total of 10 applied cumulatively to all clients?
The next question: is the counter reset somehow?
02-01-2007 07:32 AM
Yes, you can use the maximum retries option on the AAA server to limit the number of times the clients can try to access a network. The value of the maximum retries can be configured manually on the AAA server, or can be left to use the default number of retries, which depends on the AAA server used.
02-01-2007 10:56 AM
To keep failed attempts from beating up on your servers, use the command
dot11 holdoff-time
From the documentation:
dot11 holdoff-time
Use the dot11 holdoff-time global configuration command to specify the hold-off time for EAP and MAC address authentication.
The holdoff time is invoked when a client fails three login attempts or fails to respond to three authentication requests from the access point. Use the no form of the command to reset the parameter to defaults.
[no] dot11 holdoff-time seconds
parameter
Specifies the hold-off time (1 to 65555 seconds)
Defaults
The default holdoff time is 0 (disabled).
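To choose a hold-off value, it helps to measure how many of the rejects already in the RADIUS log would never have reached the server. The following is an added example, not part of the thread or of Cisco's or FreeRADIUS's own code: the log layout, the sample lines and the simplified per-client model (three failures, then the client is ignored for the hold-off period) are assumptions based on the documentation quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, modelled on radius.log "Login incorrect" lines.
# The layout is an assumption: adjust LINE_RE to match your own server.
_FMT = ("Fri Jan 26 07:00:{:02d} 2007 : Auth: Login incorrect: "
        "[{m}/{m}] (from client ap-lab port 261 cli {m})")
SAMPLE_LOG = "\n".join(
    [_FMT.format(s, m="001122334455") for s in range(0, 60, 10)]
    + [_FMT.format(s, m="00aabbccddee") for s in (5, 45)])

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : Auth: Login incorrect"
    r".*\(from client (?P<ap>\S+) port \d+ cli (?P<mac>[0-9A-Fa-f.:-]+)\)")
FAIL_LIMIT = 3  # failures before hold-off, per the quoted documentation

def parse_failures(text):
    """Return {mac: [datetime, ...]} for every rejected request in the log."""
    by_mac = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            by_mac[m["mac"].lower()].append(ts)
    return by_mac

def requests_reaching_radius(times, holdoff_s):
    """Count rejects the server would still see if the AP ignored a client
    for holdoff_s seconds after every FAIL_LIMIT failures (simplified model)."""
    reached, streak, blocked_until = 0, 0, None
    for t in sorted(times):
        if blocked_until and t < blocked_until:
            continue  # inside the hold-off window: never forwarded to RADIUS
        reached += 1
        streak += 1
        if streak == FAIL_LIMIT:
            blocked_until = t + timedelta(seconds=holdoff_s)
            streak = 0
    return reached

def report(text, holdoff_s):
    """Map each MAC to (rejects logged, rejects expected with the hold-off)."""
    return {mac: (len(ts), requests_reaching_radius(ts, holdoff_s))
            for mac, ts in parse_failures(text).items()}

if __name__ == "__main__":
    for mac, (seen, kept) in report(SAMPLE_LOG, 30).items():
        print(f"{mac}: {seen} rejects logged, {kept} with a 30 s hold-off")
```

Run it against a day of real log data with a few candidate values to see which clients generate most of the noise and how much a given hold-off would remove.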