Security

Reply
Super Contributor II
Posts: 349
Registered: ‎02-22-2011

Clearpass - limit concurrent 802.1x sessions based on user role

Hi all,

 

I'm trying to setup the following for a client:

 

They would like staff to be able to connect (concurrently) 3 devices using 802.1x

They would like students to be able to connect (concurrently) 2 devices using 802.1x

 

Role derivation is based on AD attributes and works ok.

 

What i'm struggling with is how to query the number of active sessions for the user during the authentication process.

 

Am i better off having a concurrent session limit on the user role on the controller?

 

Anybody got any pointers?

 

Scott

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Clearpass - limit concurrent 802.1x sessions based on user role

Have you tried this in your policy?

 

pnggUERPm0aZL.png

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Guru Elite
Posts: 7,866
Registered: ‎09-08-2010

Re: Clearpass - limit concurrent 802.1x sessions based on user role

Do you have radius accounting enabled?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Super Contributor II
Posts: 349
Registered: ‎02-22-2011

Re: Clearpass - limit concurrent 802.1x sessions based on user role

HI Seth,

I haven't tried that yet, wouldn't that just block you once they user has used more than 3 devices in total rather than 3 concurrent devices?

 

Tim,

 

I have acounting enabled and can see the active sessions in ClearPass but just can't figure out the policy rules to query this. I have a feeling this may require SQL against insight?

 

Scott

Search Airheads
Showing results for 
Search instead for 
Did you mean: