Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

One device for one dot1x authenticated user

  • 1.  One device for one dot1x authenticated user

    Posted Jun 03, 2016 11:00 AM

    Hi All,

    Requirement: The user connects to the network for the first time and gets registered with the same device. Now the user should not be able to authenticate himself from another device until someone clears the registered device of the respective user from CPPM manually.

    Can it be done?



  • 2.  RE: One device for one dot1x authenticated user

    EMPLOYEE
    Posted Jun 03, 2016 11:03 AM
    You can use a session device limit with Insight to limit each user to one device.


  • 3.  RE: One device for one dot1x authenticated user



  • 4.  RE: One device for one dot1x authenticated user

    Posted Jun 08, 2016 02:11 AM

    OK,

    I am going to use the Insight method.

    So far I got this:

    1st time user1 is logging in from device1 > authenticated.

    2nd time user1 is logging in from device2 > denied. Which is fine.

    But if user2 is logging in from device1 (user1 already logged in from device1) > authenticated (I want this to be denied).

    This is what I don't want. Once user1 logs in from device1, it would get registered for that particular user. Another user (user2) should not be able to log in from that device (device1).

    Also, for how many days will the Insight repository cache the auth session details?

     



  • 5.  RE: One device for one dot1x authenticated user

    Posted Jun 08, 2016 05:19 AM

    OK,

    This http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Limit-User-Authentication-to-1-Device-for-a-period-of-time/ta-p/234016 can block the user from logging in from another device in a 12-hour period.

    But different users can still log in from the same device. How to block them?



  • 6.  RE: One device for one dot1x authenticated user

    MVP
    Posted Jun 08, 2016 05:52 AM

    Not sure if it is the best possible way to do this, but you could simply save the username with the endpoint on the first authentication, then simply compare new usernames to what you saved with that endpoint.
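
The check suggested in the last reply, combined with the one-device-per-user limit from earlier in the thread, as an added example that is not part of the original posts and is not ClearPass configuration. It is a Python model of the decision only; `OneToOneBinding`, `authorize` and `clear` are hypothetical names, and comparing usernames case-insensitively is an assumption.

```python
# Added illustration: models the policy decision only, not a ClearPass API.
# All class and method names are hypothetical.
import re


def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC so AA:BB:.., aa-bb-.. and aabb.ccdd.eeff compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class OneToOneBinding:
    """Binds a username to the first endpoint it authenticates from, both ways."""

    def __init__(self):
        self.owner_of = {}   # endpoint MAC -> username saved on first auth
        self.device_of = {}  # username -> endpoint MAC saved on first auth

    def authorize(self, username: str, mac: str) -> str:
        # Assumption: usernames are compared case-insensitively.
        user, mac = username.strip().lower(), normalize_mac(mac)
        owner = self.owner_of.get(mac)
        bound = self.device_of.get(user)
        if owner is None and bound is None:
            # First authentication for both user and device: save the pairing.
            self.owner_of[mac] = user
            self.device_of[user] = mac
            return "ACCEPT (registered)"
        if owner == user and bound == mac:
            return "ACCEPT"
        if owner is not None and owner != user:
            return "REJECT (device registered to another user)"
        return "REJECT (user registered on another device)"

    def clear(self, username: str) -> None:
        """Manual admin action: release the user's registered device."""
        mac = self.device_of.pop(username.strip().lower(), None)
        if mac is not None:
            self.owner_of.pop(mac, None)
```

The binding key is the endpoint MAC address, so a client that uses randomized (private) MAC addresses will appear as a new device and be rejected until the registration is cleared.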