Product and Software: This article applies to all Aruba controllers and ArubaOS 3.4.
The captive portal for guest users generally uses the internal DB, which checks only that the username exists and verifies the password before allowing authentication. Prior to ArubaOS 3.4, it never checked for existing active sessions. ArubaOS 3.4 adds a new parameter to the captive portal profile, "Allow only one active user session", which helps deny reuse of the same username and password.
show aaa authentication captive-portal default
Captive Portal Authentication Profile "default"
Default Role                                 guest
Server Group                                 default
Redirect Pause                               10 sec
User Login                                   Enabled
Guest Login                                  Disabled
Logout popup window                          Enabled
Use HTTP for authentication                  Disabled
Logon wait minimum wait                      5 sec
Logon wait maximum wait                      10 sec
logon wait CPU utilization threshold         60 %
Show FQDN                                    Disabled
Use CHAP (non-standard)                      Disabled
Login page                                   /auth/index
Welcome page                                 /auth/welcome
Show Welcome Page                            Yes
Adding switch ip address in redirection URL  Disabled
Allow only one active user session           Enabled
If this option is enabled and a user with the same name already exists, the second login via this captive portal profile is denied, regardless of whether the existing user was authenticated by web, dot1x, or a different server.
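The following Python sketch is an added example, not ArubaOS code, that models the login decision described above: the credential check alone, then the extra active-session check when the option is on. The class, method names, usernames, passwords and MAC addresses are all hypothetical and constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class PortalModel:
    """Toy model of a captive portal backed by an internal user DB."""
    internal_db: dict                 # username -> password (constructed data)
    single_session: bool = False      # models "Allow only one active user session"
    sessions: list = field(default_factory=list)  # (username, mac, method) tuples

    def add_session(self, username, mac, method):
        # Sessions from other methods (e.g. dot1x) share the same user table.
        self.sessions.append((username, mac, method))

    def web_login(self, username, password, mac):
        # Check 1: user exists and the password matches. Per the article,
        # this was the only check before the option existed.
        stored = self.internal_db.get(username)
        if stored is None or not hmac.compare_digest(stored, password):
            return "denied: bad credentials"
        # Check 2: with the option enabled, any live session under the same
        # name blocks the login, whatever method authenticated it.
        if self.single_session and any(s[0] == username for s in self.sessions):
            return "denied: active session exists"
        self.add_session(username, mac, "web")
        return "allowed"

    def logout(self, username, mac):
        self.sessions = [s for s in self.sessions if s[:2] != (username, mac)]

def shared_credentials(single_session):
    """Two devices log in with the same guest account, one after the other."""
    portal = PortalModel({"guest1": "s3cret"}, single_session=single_session)
    return [portal.web_login("guest1", "s3cret", "aa:aa:aa:aa:aa:01"),
            portal.web_login("guest1", "s3cret", "aa:aa:aa:aa:aa:02")]

def dot1x_then_web():
    """An existing dot1x session blocks a web login until it ends."""
    portal = PortalModel({"guest1": "s3cret"}, single_session=True)
    portal.add_session("guest1", "aa:aa:aa:aa:aa:01", "dot1x")
    first = portal.web_login("guest1", "s3cret", "aa:aa:aa:aa:aa:02")
    portal.logout("guest1", "aa:aa:aa:aa:aa:01")
    return [first, portal.web_login("guest1", "s3cret", "aa:aa:aa:aa:aa:02")]

if __name__ == "__main__":
    print("option disabled:", shared_credentials(False))
    print("option enabled: ", shared_credentials(True))
    print("dot1x then web: ", dot1x_then_web())
```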
To enable this feature, issue the following commands:
aaa authentication captive-portal default