AAA, NAC, Guest Access & BYOD

SESSION RESTRICTION – DISCONNECT PREVIOUSLY CONNECTED DEVICE

Aruba Employee
Requirement:
  • Device A connects to network using username X
  • Device B connects to network using username X
  • At the time when device B connects, we have to disconnect device A.


Solution:
  • We have to specify a query to fetch previous device MAc address and based on that process the COA.


Configuration:

 

  • We need to store username in endpoint repository as an attribute to achieve this.
  • Below query is required to insert in Endpoint repository source:

 

select mac_address as Last_MAC from tips_endpoints where attributes::jsonb @> '{"Username": "%{Authentication:Username}"}' order by id asc limit 1

 

  • Below is the screenshot of attribute that we have to add in Endpoint repository:

 

  • We have to add Endpoint repository in respective service as authorization source.
  • Following rule condition is required in enforcement policy to disconnect previous device:

 

 

  • Snippet of terminate session profile:

 

 



Verification

 

  • Snippet of request from first MAC address : aabbccddeeff

 

  • Snippet of request coming from second MAC : aaccbbddeeff

 

 

 


Attachments:
Diconnecting previous device.docx
Version history
Revision #:
2 of 2
Last update:
‎03-27-2017 01:47 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.