How do I limit captive portal sessions for a specific username and password?

Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS 3.4.


The captive portal for guest users generally uses internal DB, which would only check for the presence of the user-name and would just verify the password before allowing authentication. It would never check for any active sessions prior to ArubaOS 3.4. In the ArubaOS 3.4 code, a new parameter has been added to the captive portal profile "Allow only one active user session", which helps in denying reuse of the same username and password.

show aaa authentication captive-portal default

Captive Portal Authentication Profile "default"
-----------------------------------------------
Parameter                                    Value
---------                                    -----
Default Role                                 guest
Server Group                                 default
Redirect Pause                               10 sec
User Login                                   Enabled
Guest Login                                  Disabled
Logout popup window                          Enabled
Use HTTP for authentication                  Disabled
Logon wait minimum wait                      5 sec
Logon wait maximum wait                      10 sec
logon wait CPU utilization threshold         60 %
Show FQDN                                    Disabled
Use CHAP (non-standard)                      Disabled
Login page                                   /auth/index.html
Welcome page                                 /auth/welcome.html
Show Welcome Page                            Yes
Adding switch ip address in redirection URL  Disabled
Allow only one active user session           Enabled

If a user with the same name already exists regardless of the existing one is authenticated by web or dot1x or different servers and this option is enabled, the second login via this captive portal profile is denied.

To enable this feature, issue the following commands:

config t
aaa authentication captive-portal default
single-session
write mem

Version history
Revision #:
1 of 1
Last update:
‎07-05-2014 09:50 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: