12-23-2014 09:16 AM
There a different little company in same place, I have one CPPM, one controler wifi aruba and one AD for all.
Actually, PEAP-MSCHAP is use for authenticate company (group of person) (same account for several person, i know it's not secure but it's special request of my customer)
my customer ask me, if with CPPPM, it is possibel to check the number of device for one access account.
person1, person2, person3 etc ... use the same credential : company1/pwd for access to the wifi network with each of their devices.
He want to limit the number of device exemple 5 device/day for company1, this information of maximum will get in a fiel of AD (exemple : description)
I think we must to use the endpoind base and a condition for the enforcement mapping policy, but i'm know sure, Do you have any ideas to help me ?
12-23-2014 09:19 AM
You'll need to enable RADIUS accounting on your controller and also be sure that Insight is running.
Make sure the endpoints repository and insight are listed as an authorization source.
You can then use the following in your enforcment to check:
Authorization:[Endpoints Repository]:Unique-Device-Count GREATER_THAN X
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
12-29-2014 11:17 PM
I tried to do this but it's doesn't work, in the "acces traker" the value "Unique-Device-Count", never increments.What is the definition of "Unique-Device-Count" ?
I find a post this post : http://community.arubanetworks.com/t5/AAA-NAC-Gues
I will try this, I think that better meets my need.