ArubaOS and Controllers

Reply
Frequent Contributor II
Posts: 149
Registered: ‎04-20-2009

Captive Portal and Active User Sessions

I'm hoping someone can assist me with a problem I am having with captive-portal profiles.

I'm running ArubaOS Version 3.4.1.0 on a M3Mk1 controller.

I authenticate my captive portal logins against a Microsoft IAS Server. This IAS server returns a filter-ID which I use to assign a user-role. The user-role is in turn configured with a captive portal profile. My problem is that on the captive-portal-profile I created for employees, I have checked the box that enforces "Allow only one active user session", and yet I often see users showing up twice or more in the user table.

This may be nothing more that me misinterpreting how things work but isn't the "Allow only one active user session" feature supposed to stop this from happening? Should it not prevent employees from having concurrent logins?
Guru Elite
Posts: 20,591
Registered: ‎03-29-2007

More Than once.

Tpelley,

It is supposed to enforce that. A single user will only be allowed once in the user table. Please find out if that user appears multiple times, but with the same mac address. If that is the case, it is the same user, but is it the SAME mac address? If that is the case, windows will leak the addresses of other interfaces through the wireless (VMWARE, wired, etc) and we will register that in the user table, as well, since we report a single IP to mac address pair as a single user. That could explain why you see the same user more than once in the user table. If you type "show user-table unique", you should see only a single entry for each mac address and minimize the phenomenon above.

Please make sure that all of those users have the same mac address, otherwise open a case.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 149
Registered: ‎04-20-2009

The MACs are unique

Thanks Cjoseph,

I am sure that what you have outlined is on occasion happening but I have isolated one user that I know has unique MAC addresses and unique IP addresses. I Know for a fact that this individual is connected on two workstations at the same time. I guess my next step will be to open a ticket with Aruba Support.



Tpelley,

It is supposed to enforce that. A single user will only be allowed once in the user table. Please find out if that user appears multiple times, but with the same mac address. If that is the case, it is the same user, but is it the SAME mac address? If that is the case, windows will leak the addresses of other interfaces through the wireless (VMWARE, wired, etc) and we will register that in the user table, as well, since we report a single IP to mac address pair as a single user. That could explain why you see the same user more than once in the user table. If you type "show user-table unique", you should see only a single entry for each mac address and minimize the phenomenon above.

Please make sure that all of those users have the same mac address, otherwise open a case.


Guru Elite
Posts: 20,591
Registered: ‎03-29-2007

Try it out yourself

Tpelly,

Why don't you try it out yourself? Login the Captive Portal twice as you and see if that happens.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 149
Registered: ‎04-20-2009

I tried, I get the same result.


Tpelly,

Why don't you try it out yourself? Login the Captive Portal twice as you and see if that happens.




Hi Cjoseph,

I have actually been able to duplicate this myself. I can connect using two different devices on the same access point at the same time. I have opened a TAC with Aruba and sent them a copy of my flashbackup.

If they are able to tell me why this is happening I will make certain to share the Aruba engineers findings in this thread.
Search Airheads
Showing results for 
Search instead for 
Did you mean: