Security, WIDS/WIPS and Aruba ECS

Reply
Guru Elite
Posts: 8,633
Registered: ‎09-08-2010

Limit Number of Devices by Role

Hi Everyone - We are using a 2008 RADIUS server to authenticate users. How can I limit the number of devices that can be authenticated at once per user based on their role?

For example:

Group A - No Limit
Group B - 4 devices
Group C - 2 devices

I already have roles setup that map to ACL policies.

Thanks in advance!

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 21,260
Registered: ‎03-29-2007

Hmmm...

The issue is that a device is placed in a role AFTER a user authenticates. The second issue is there is no counter keeping track of how many users are in a role, much less enforcement of that counter.

Please describe what you are trying to do...


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 8,633
Registered: ‎09-08-2010

Re: Limit Number of Devices by Role

Pretty much I would like to limit the number of devices that a user can authenticate under their account. We determined that 4 devices is sufficient for a user. The idea is to deter users from logging other people in under their account.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 21,260
Registered: ‎03-29-2007

Depends...

If you are authenticating users via Captive Portal, the Aruba Controller can limit a user to a single logon using the "Allow only one active user session" parameter in the Captive Portal authentication profile.

If you also want to do this for 802.1x authentication, you need to look to a radius server for this type of support. Certain radius servers have this functionality built in like freeradius http://freeradius.org/radiusd/doc/Simultaneous-Use

Neither solution can limit a user to "X" number of logins per role, however.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: