06-03-2016 08:00 AM
Requirement: User first time connects to the network, and gets registered with the same device. Now the user should not be able to authenticate himself from other device until someone clear the registered device of the respective user from CPPM manually.
Can it be done ?
06-03-2016 08:03 AM
06-03-2016 08:06 AM
Or the better (Insight) different way here: http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-deny-access-for-authentication-request-based-on-session/ta-p/183304
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
06-07-2016 11:10 PM
I am going to use the insight method,
So far I got this,
1st time user1 is loggin in from device1 > authenticated.
2nd time user1 is logging in form device2 > denied. Which is fine.
But if the user2 is logging in from device1 (user1 already logged in from device1) > authenticated (I want this to be denied).
This is what I dont want, once a user1 log in from a device1 it would get register for that particular user. Other user (user2) should not be able to login from that device (device1).
Also how many days insight repository will cache the auth session details.
06-08-2016 02:19 AM
this http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Limit-User-Authentication-to-1-Device-for-a-period-of-time/ta-p/234016 can block the user to log in from other device in a 12 hours period.
But different users can still log in from same device. How to block them ?
06-08-2016 02:51 AM
Not sure if it is the best possible way to do this, but you could simply save the username with the endpoint on the first authentication, then simply compare new usernames to what you saved with that endpoint.
-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.