Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to get an AP1200 to stop processing auth requests after a set # of fail

I have a group of 1200 series AP's deployed in a school using MAC authentication and WEP. The MAC addresses are authenticated by a FreeRADIUS Server. I'm having an issue with students attempting to connect personal Laptop PC's to the AP's. These repeated attempts are reaping havoc with my logs.

Is there a way to get the AP to simply ignore Auth requests from a client after a set number of failed attempts?

I'm Thinking the command

aaa authentication attempts login

will limit the number of attempts, but am not sure if the set value will apply to each client or all clients. ie if I set the value to 10, does each client get 10 tries is is the total of 10 applied cumulatively to all clients?

The next question is the counter reset somehow?


Re: How to get an AP1200 to stop processing auth requests after

Yes, you can use the maximum retries option on the AAA server to limit the number of times the clients can try to access a network. The value of the maximum retries can be configured manually on the AAA server or can be left to use the default number of retries which depends on the aaa server used.

New Member

Re: How to get an AP1200 to stop processing auth requests after

To keep failed attemps from beating up on your servers use the command

dot11 holdoff-time

From the documentation:

dot11 holdoff-time

Use the dot11 holdoff-time global configuration command to specify the hold-off time for EAP and MAC address authentication.

The holdoff time is invoked when a client fails three login attempts or fails to respond to three authentication requests from the access point. Use the no form of the command to reset the parameter to defaults.

[no] dot11 holdoff-time seconds


Specifies the hold-off time (1 to 65555 seconds)


The default holdoff time is 0 (disabled).

CreatePlease to create content