ArubaOS and Controllers

Reply
Occasional Contributor II
Posts: 13
Registered: ‎01-15-2010

Guest user lockouts

My guests go through a captive portal, with guest accounts being through the internal DB on the controllers. is it possible to log out a guest account after "x" number of incorrect login attempts?

Against my recommendations, the customer wants to use 1-month generic logins, and I'd like to, at the very least, secure it so that if someone keeps trying to login and failing, that it would lock that account out at some point.
Guru Elite
Posts: 20,433
Registered: ‎03-29-2007

Re: Guest user lockouts

Yes, you can do that. You can change the max authentication failures in the Captive Portal authentication profile for that wireless network. Go to Configuration> Security> Authentication> L3 Authentication. Select your Captive portal Authentication Profile that is attached to that wireless network. Change the Max Authentication Failures parameter based on how many times you want users to fail before their device gets blacklisted. The number Zero (default) disables this parameter. Click on Apply to make it stick.


In addition, you want to turn on Station Blacklisting, in the Virtual AP profile and configure how long that device will be blacklisted (authentication failure blacklist time). Go to configuration> Wireless> AP Configuration> Edit your AP Group. Expand Wireless, Expand Virtual AP and click on the wireless network. Enable Station Blacklisting and change the authentication failure blacklist time to indicate in seconds how long the device will not be able to connect back to the network, and click on apply.

When users are blacklisted, they will appear in the monitoring tab under Controller> Blacklist Clients. Please make sure that authentication failure blacklist time is 300 seconds (5 minutes) or less and the max authentication failure parameter is 5 to ensure that you are not always busy restoring service for legitimate users.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 13
Registered: ‎01-15-2010

Re: Guest user lockouts

Thanks! I really appreciate the response. I'm guessing I'll have to do an OS upgrade for the max failures options though. I have a 650, running 3.4.2.1, and don't see those options. Below is a screen shot. Did this option get added later?
Search Airheads
Showing results for 
Search instead for 
Did you mean: