ArubaOS and Controllers

Reply
Frequent Contributor II
Posts: 149
Registered: ‎04-20-2009

Question Re: User-role & Max-Sessions

I wonder if someone can clarify exactly what the max-sessions command under the user-role actually does. My assumption was that this command limits each user in the specified role to the stated number of sessions. ie. if max-sessions for the user-role "Staff" is set to a value of 2, then each staff member will be able to connect a maximum of 2 sessions. (log on twice say with a laptop and a Blackberry)

What seems to be taking place however is that if the max-sessions command is being applied to the user-role as a group not to the individual users within the group. So, if for the user-role staff max-sessions is set to a value of 2, the controller will only allow sessions for a maximum of 2 staff members, denying access to all others.

If this is the manner in which the max-sessions command is supposed to behave, how do I limit users to a set number of sessions?

Thanks in advance!:)
Occasional Contributor II
Posts: 27
Registered: ‎09-19-2007

Max-sessions from the manual...

Looks to me like it's neither of the things you mentioned... BUT... sounds like you're getting something completely different than the manuals says should be happening.

From the 3.4.1 User Manual:

Max Sessions - This configures a maximum number of sessions per user in this role. The default is 65535. You can configure any value between 0-65535.
Guru Elite
Posts: 19,995
Registered: ‎03-29-2007

Firewall Sessions

That parameter refers to the number of firewall sessions per user. Opening some browsers can open up to 50 firewall sessions per user depending on where the content is coming from. This has nothing to do with how many times a user logs on. A number of radius servers have the capability where you can limit the number of times a user logs on. ArubaOS 3.4.1 and above have the capability to limit captive portal users to a single login.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Frequent Contributor II
Posts: 149
Registered: ‎04-20-2009

Re: Question Re: User-role & Max-Sessions




Thanks Colin,

I have the "single-session" flag set for users on my Guest Network and that is exactly what I am try to achieve on the corporate side, except with a value of 2 or 3 sessions. I am using Microsoft's IAS as my RADIUS servers so I will look into sending an attribute back to the Aruba Controller from there. Thanks for pointing me in the right direction.

Cheers.

Contributor I
Posts: 33
Registered: ‎04-12-2007

Re: Question Re: User-role & Max-Sessions




Colin, so max-sessions will be useful in a top congested guest user access network?

Guru Elite
Posts: 19,995
Registered: ‎03-29-2007

Two different Things

Max sessions, refers to the max number of firewall entries per users, whereas single-session in the captive portal authentication profile only allows one user to login to the controller with the same username.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: