Frequent Contributor II

One device for one dot1x authenticated user

Hi All,

Requirement: The user connects to the network for the first time and gets registered with the same device. Now the user should not be able to authenticate himself from another device until someone manually clears the registered device of the respective user from CPPM.

Can it be done?

rana
Guru Elite

Re: One device for one dot1x authenticated user

You can use a session device limit with Insight to limit each user to one device.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: One device for one dot1x authenticated user

Frequent Contributor II

Re: One device for one dot1x authenticated user

ok,

I am going to use the insight method,

So far I got this,

1st time user1 is logging in from device1 > authenticated.

2nd time user1 is logging in from device2 > denied. Which is fine.

But if user2 is logging in from device1 (user1 already logged in from device1) > authenticated (I want this to be denied).

This is what I don't want: once user1 logs in from device1, it would get registered for that particular user. Another user (user2) should not be able to log in from that device (device1).

Also, for how many days will the Insight repository cache the auth session details?

rana
Regular Contributor II

Re: One device for one dot1x authenticated user

Ok,

this http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Limit-User-Authentication-to-1-Device-for-a-period-of-time/ta-p/234016 can block the user from logging in from another device in a 12-hour period.

But different users can still log in from the same device. How to block them?

MVP

Re: One device for one dot1x authenticated user

Not sure if it is the best possible way to do this, but you could simply save the username with the endpoint on the first authentication, then simply compare new usernames to what you saved with that endpoint.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
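The check suggested in the reply above, extended to both directions asked about in this thread (one device per user, one user per device), as an added Python sketch that is not part of the original posts and is not ClearPass configuration. The `BindingStore` class, its method names and the sample MAC addresses are hypothetical; the in-memory dictionaries stand in for wherever the policy server keeps the saved username.

```python
from dataclasses import dataclass, field


@dataclass
class BindingStore:
    """Hypothetical stand-in for the username saved with each endpoint."""
    user_by_mac: dict = field(default_factory=dict)
    mac_by_user: dict = field(default_factory=dict)

    @staticmethod
    def norm_mac(mac):
        # Strip separators and case so AA:BB.. and aa-bb.. compare equal.
        return "".join(c for c in mac.lower() if c in "0123456789abcdef")

    @staticmethod
    def norm_user(user):
        # Case-insensitive comparison of usernames (assumption).
        return user.strip().lower()

    def authorize(self, user, mac):
        u, m = self.norm_user(user), self.norm_mac(mac)
        if len(m) != 12:
            return "deny: malformed MAC"
        owner = self.user_by_mac.get(m)    # who registered this device
        device = self.mac_by_user.get(u)   # which device this user registered
        if owner is None and device is None:
            # First authentication for both: save the pairing.
            self.user_by_mac[m] = u
            self.mac_by_user[u] = m
            return "allow: registered"
        if owner == u and device == m:
            return "allow: known pair"
        if device is not None and device != m:
            return "deny: user bound to another device"
        return "deny: device bound to another user"

    def clear_user(self, user):
        # Manual reset by an administrator: frees the user and the device.
        u = self.norm_user(user)
        m = self.mac_by_user.pop(u, None)
        if m is not None:
            self.user_by_mac.pop(m, None)
        return m is not None


if __name__ == "__main__":
    store = BindingStore()
    # Constructed sample requests mirroring the cases in the thread.
    for user, mac in [("user1", "AA:BB:CC:00:00:01"), ("user1", "AA:BB:CC:00:00:02"),
                      ("user2", "AA:BB:CC:00:00:01")]:
        print(user, mac, "->", store.authorize(user, mac))
```

Because the pairing is keyed on the MAC address the client presents, it is only as trustworthy as that address.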