Security

Reply
Occasional Contributor I
Posts: 9
Registered: ‎06-25-2014

CPPM Guest: How to limit the maximum number of Registrations per Device

Hi there!

 

In Germany validation for hotspots using SMS is very popular.

 

The Guest-Sponsor-Feature does not work for this, because you have to validate using a link at at webpage.

So i just remove the password from the Reciept-Page and redirect using JavaScript the Login-Button to the Login-Page. The Password is sent by SMS as a Receipt-Action to the visitor_phone SMS number and then the SMS-valided user can login.

 

Everything fine so far.

 

The Question: How to limit the number of registrations a user can do?

 

The WiFi-Network for this customer is in public and anyone can abuse the registration by using it as often as he likes and everytime an SMS is sent out (spaming friends, e.g.)

 

Give them a try: this document describes a similar feature: Amigopod - AutoMACAuthAccount.pdf

But how to use such PHP-based Radius-Replies? Is it sill working with CPPM and CPPM-Guest?

 

My own idea - not working:

In Register-Page-Head i have inserted

 

{nwa_radius_query _method=GetCallingStationSessions _debug=1
callingstationid=$mac
from_time=86400
_assign=counter}
Counter-Value: <b>{$counter}</b><br>

 

and i get the number of valid sessions the device already has made the last 24 hours. Cool to invent, but useless for me,  because this counts the number of valid logins and Radius-Accounting-Sessions and at this time there was no valid login so there is no Accounting. 

 

 

Detailed Question:

So i just have to query the Guest-DB for the number of users created with attribute 'mac' = callingstationid and from_time=86400 . Similar to the above option. Or maybe much more smarter....

 

Ideas how to get this to work?

 

Kind Regards from

Folke

 

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: CPPM Guest: How to limit the maximum number of Registrations per Device

Try this page here:  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-Insert-a-new-Field-in-the-Guest-Self-Registration-page/ta-p/185652

 

"To avoid Guests  create multiple account with same phone number, we need to add and edit auto_update_account as shown in below capture."

 

Whatever you are using for the username (it doesn't have to be a phone number), it will not let them create the same account twice.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 9
Registered: ‎06-25-2014

Re: CPPM Guest: How to limit the maximum number of Registrations per Device

Hey Colin!

 

Thank you for your reply. The idea isn't bad, but not quite optimal.

The visitors are getting access for 24 hours. So if you want to get Wifi access another next day, you are not able to get a new and fresh password. I've tested, so expired accounts cannot be updated and activated anymore by the visitor.

On the other hand it would be possible to spam different phone numbers one by one...

 

So any possible way using the API or to complete my first idea asking the number of submits of that MAC-Address from database before submitting the form.... Would be the best to solve our problem

 

 

Wireless greeting

Folke

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: CPPM Guest: How to limit the maximum number of Registrations per Device

Fashberg,

 

If you have the Expired Guest Cleanup interval set to 1, it will remove expired guest accounts every night:

 

cleanup.png

 Question:

 

How do you plan to treat users that use multiple devices?

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: