Occasional Contributor II
Posts: 13
Registered: ‎09-02-2016

Limiting number of devices on PEAP network

Hi,

I have set up ClearPass 6.6 and an HP MSM wireless network. I followed the HP MSM and ClearPass v3 guide to set up a .1x wireless network with PEAP with accounts in Active Directory. (Not guest portal)

The next step is to limit users in a certain group in AD to only be able to connect with one device.

For checking the group I can use MemberOf. For number of devices I try to use Unique-Device-Count. If it is greater than 1 then deny access.

The problem is that when I connect multiple devices with the same username, the Unique-Device-Count counter is always 1 when I look in Access Tracker.

I searched through Airheads and found some tips to add ClearPass as an accounting server in the wireless controller, enable RADIUS interim accounting on the wireless controller and add Endpoint Repo to authorization sources.

None of these helped.

Do you have any idea why it doesn't work?

Regards

Philip


Wireless network engineer consultant| @phivil | ACMP ACCP
Guru Elite
Posts: 21,588
Registered: ‎03-29-2007

Re: Limiting number of devices on PEAP network

Are you seeing devices appearing under the Accounting Tab in ClearPass?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 13
Registered: ‎09-02-2016

Re: Limiting number of devices on PEAP network

Hi,

Do you mean under Monitoring->Live Monitoring->Accounting?

There I see the user.

Regards,

Philip


Wireless network engineer consultant| @phivil | ACMP ACCP
Guru Elite
Posts: 21,588
Registered: ‎03-29-2007

Re: Limiting number of devices on PEAP network

Ok. Are you using the method here: http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-deny-access-for-authentication-request-based-on-session/ta-p/183304 ?



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 13
Registered: ‎09-02-2016

Re: Limiting number of devices on PEAP network

No. I did read that guide. The problem I have is that the HP MSM controller doesn't support CoA, so post-auth checks are not doable.

I would like to have the functionality to limit the number of devices on the first auth when the user/device connects.

Reading the MSM and ClearPass v3 guide I see that it is possible to use an Aruba controller as an L2-bridge. Is this the only solution to be able to get what I want?


Wireless network engineer consultant| @phivil | ACMP ACCP
Guru Elite
Posts: 8,798
Registered: ‎09-08-2010

Re: Limiting number of devices on PEAP network

Unique-Device-Count should be working. I would open up a TAC case.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480