cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
328
Views
0
Helpful
2
Replies

How to get an AP1200 to stop processing auth requests after a set # of fail

tpelley
Level 1
Level 1

I have a group of 1200 series AP's deployed in a school using MAC authentication and WEP. The MAC addresses are authenticated by a FreeRADIUS Server. I'm having an issue with students attempting to connect personal Laptop PC's to the AP's. These repeated attempts are reaping havoc with my logs.

Is there a way to get the AP to simply ignore Auth requests from a client after a set number of failed attempts?

I'm Thinking the command

aaa authentication attempts login

will limit the number of attempts, but am not sure if the set value will apply to each client or all clients. ie if I set the value to 10, does each client get 10 tries is is the total of 10 applied cumulatively to all clients?

The next question is the counter reset somehow?

2 Replies 2

beth-martin
Level 5
Level 5

Yes, you can use the maximum retries option on the AAA server to limit the number of times the clients can try to access a network. The value of the maximum retries can be configured manually on the AAA server or can be left to use the default number of retries which depends on the aaa server used.

andrew.potter
Level 1
Level 1

To keep failed attemps from beating up on your servers use the command

dot11 holdoff-time

From the documentation:

dot11 holdoff-time

Use the dot11 holdoff-time global configuration command to specify the hold-off time for EAP and MAC address authentication.

The holdoff time is invoked when a client fails three login attempts or fails to respond to three authentication requests from the access point. Use the no form of the command to reset the parameter to defaults.

[no] dot11 holdoff-time seconds

parameter

Specifies the hold-off time (1 to 65555 seconds)

Defaults

The default holdoff time is 0 (disabled).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: