Security

Reply
Occasional Contributor II
Posts: 23
Registered: ‎12-22-2011

[Quota Based Access]

 

Hi Guys,

 

Anyone has any ideas on how to restrict users based on Quota? Meaning the users will only be assigned to a certain download limit for example 10MB. Once the user downloaded 10MB, his access is denied.

 

Can be this done with just the controller or i suppose we need systems like Clearpass to complement?

 

Thank you!

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: [Quota Based Access]

We would need ClearPass Policy Manager to do that.  The controller would send radius accounting packets to CPPM and CPPM would have a rule to disconnect the user when that threshold is reached.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 23
Registered: ‎12-22-2011

Re: [Quota Based Access]

Hi Joseph,

 

Thanks for the quick response again appreciate it =)

 

 

Have found some information that the Controller might not be able to do it as there is no attributes to specify the usage?

 

 Form 6.1UG
 The following is the list of attributes that the controller can send to a RADIUS accounting server:
  Acct-Status-Type
  User-Name
  Acct-Session-Id
  Acct-Authentic:
  Acct-Session-Time
 
  Acct-Terminate-Cause: Indicates how the session was terminated and is sent in Accounting-Request
records where the Acct-Status-Type is Stop. Possible values are:
1: User logged off
4: Idle Timeout
5: Session Timeout. Maximum session length timer expired.
7: Admin Reboot: Administrator is ending service, for example prior to rebooting the controller.
 
  NAS-Identifier
  NAS-IP-Address
  NAS-Port
 
  NAS-Port-Type: Type of port used in the connection. This is set to one of the following:
  5: admin login
  15: wired user type
  19: wireless user
 
  Framed-IP-Address
  Calling-Station-ID
  Called-station-ID

 

 

Thanks!

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: [Quota Based Access]

[ Edited ]

Do you have the a Radius Accounting Server Group defined in the AAA profile on the Controller of that WLAN that is pointing to CPPM?  If you do, you will then get a new Accounting TAB in access tracker.  In addition, make sure you enable "Interim Accounting" on the AAA profile so that you get periodic data accounting (ArubaOS 6.1 and above).

 

accountin.png

account2.png



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 23
Registered: ‎12-22-2011

Re: [Quota Based Access]

I love you bro! you are the man!

 

I suppose I only can acheive that with CPPM?

 

Thank you!

 

 

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: [Quota Based Access]

Yes, because only CPPM has policy elements to evaluate and take action on that attribute.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 23
Registered: ‎12-22-2011

Re: [Quota Based Access]

Hi Bro,

 

Just to be sure. So we can kick out users based on a predefined max bytes downloaded?

 

Thanks.

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: [Quota Based Access]

Let's get specific:

 

Do you have Amigopod (now ClearPass Guest) or ClearPass Policy Manager.  Do you want to set limitations on guest users who come onto your network?

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: