Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CPPM Guest: How to limit the maximum number of Registrations per Device

This thread has been viewed 26 times
  Thread closed by the administrator, not accepting new replies.

  • 1.  CPPM Guest: How to limit the maximum number of Registrations per Device

    Posted Jul 08, 2015 01:54 PM
    No replies, thread closed.

    Hi there!

     

    In Germany validation for hotspots using SMS is very popular.

     

    The Guest-Sponsor-Feature does not work for this, because you have to validate using a link at at webpage.

    So i just remove the password from the Reciept-Page and redirect using JavaScript the Login-Button to the Login-Page. The Password is sent by SMS as a Receipt-Action to the visitor_phone SMS number and then the SMS-valided user can login.

     

    Everything fine so far.

     

    The Question: How to limit the number of registrations a user can do?

     

    The WiFi-Network for this customer is in public and anyone can abuse the registration by using it as often as he likes and everytime an SMS is sent out (spaming friends, e.g.)

     

    Give them a try: this document describes a similar feature: Amigopod - AutoMACAuthAccount.pdf

    But how to use such PHP-based Radius-Replies? Is it sill working with CPPM and CPPM-Guest?

     

    My own idea - not working:

    In Register-Page-Head i have inserted

     

    {nwa_radius_query _method=GetCallingStationSessions _debug=1
callingstationid=$mac
from_time=86400
_assign=counter}
Counter-Value: <b>{$counter}</b><br>

     

    and i get the number of valid sessions the device already has made the last 24 hours. Cool to invent, but useless for me,  because this counts the number of valid logins and Radius-Accounting-Sessions and at this time there was no valid login so there is no Accounting. 

     

     

    Detailed Question:

    So i just have to query the Guest-DB for the number of users created with attribute 'mac' = callingstationid and from_time=86400 . Similar to the above option. Or maybe much more smarter....

     

    Ideas how to get this to work?

     

    Kind Regards from

    Folke

     



  • 2.  RE: CPPM Guest: How to limit the maximum number of Registrations per Device

    EMPLOYEE
    Posted Jul 13, 2015 03:05 AM
    No replies, thread closed.

    Try this page here:  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-Insert-a-new-Field-in-the-Guest-Self-Registration-page/ta-p/185652

     

    "To avoid Guests  create multiple account with same phone number, we need to add and edit auto_update_account as shown in below capture."

     

    Whatever you are using for the username (it doesn't have to be a phone number), it will not let them create the same account twice.

     



  • 3.  RE: CPPM Guest: How to limit the maximum number of Registrations per Device

    Posted Jul 13, 2015 08:17 AM
    No replies, thread closed.

    Hey Colin!

     

    Thank you for your reply. The idea isn't bad, but not quite optimal.

    The visitors are getting access for 24 hours. So if you want to get Wifi access another next day, you are not able to get a new and fresh password. I've tested, so expired accounts cannot be updated and activated anymore by the visitor.

    On the other hand it would be possible to spam different phone numbers one by one...

     

    So any possible way using the API or to complete my first idea asking the number of submits of that MAC-Address from database before submitting the form.... Would be the best to solve our problem

     

     

    Wireless greeting

    Folke



  • 4.  RE: CPPM Guest: How to limit the maximum number of Registrations per Device

    EMPLOYEE
    Posted Jul 13, 2015 09:39 AM
    No replies, thread closed.

    Fashberg,

     

    If you have the Expired Guest Cleanup interval set to 1, it will remove expired guest accounts every night:

     

    cleanup.png

     Question:

     

    How do you plan to treat users that use multiple devices?

     



  • 5.  RE: CPPM Guest: How to limit the maximum number of Registrations per Device

    Posted Jul 14, 2023 09:57 AM
    No replies, thread closed.

    Hi Colin,

     I am sitting with the same problem. The guest users register and get the password via email and sms.

    If the mobile number is the username then they can register via email with multiple accounts. If the email address is the username they can register many accounts using 1 mobile number that gets the passwords. Is there not a way to have the username exists and mobile number exists when trying to register? In Guest user management I can search guest users with the mobile number.  


    Original Message


  • 6.  RE: CPPM Guest: How to limit the maximum number of Registrations per Device

    EMPLOYEE
    Posted Jul 17, 2023 06:47 AM
    No replies, thread closed.

    You responded to an 8 year old discussion. Please open a new discussion as things probably have changed in the time between.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message