Occasional Contributor II

Session limit trigger

Hi,

 

I would like to configure some custom warning messages. Currently I am stuck on a multiple session limit.

 

I have all my ClearPass users set to a session limit of 1.

When a user logs into a 2nd device without logging out of the 1st device the login page should be refreshed and a warning message displayed.

I would like to know what triggers the warning message.

 

Currently I believe it sends the equivalent of username/password incorrect to my Cisco WLC which will return to the ClearPass a statusCode=5

 

I would expect this to be a statusCode=1 (you are already logged in) or statusCode=3 (you can't be logged in at this time)

 

Anyone got any experience with custom error codes with ClearPass and Cisco WLC?

Aruba

Re: Session limit trigger

You could use the {nwa_radius_query} function in the page HTML to determine if the user is already logged in, and present a message.  This does not rely on Cisco's statusCode parameter.

 

Something like this might work:

 

{nwa_radius_query _method=GetIpAddressSessions _assign=num_sessions}

{if $num_sessions > 0}

<p>

  You are already logged in...

</p>

{/if}

 

 

Occasional Contributor II

Re: Session limit trigger

That's a much better idea, thanks.

 

Just to clarify, it would be on a second device that the error would be generated, so instead of GetIpAddressSession (Based on user IP) would it be better to use GetCurrentSession or GetUserActiveSession? And what would the syntax be?

 

I have tried the following:

 

{nwa_radius_query _method=GetUserActiveSessions from_time="900" _assign=num_sessions}
{if $num_sessions > 0}
 {nwa_icontext type=error}
You are already logged in...
 {/nwa_icontext}

{/if}

 

and:

 

{nwa_radius_query _method=GetUserSession from_time="900" to_time=null _assign=num_sessions}
{if $num_sessions > 0}
 {nwa_icontext type=error}
You are already logged in...
 {/nwa_icontext}
{/if}

 

both fail with:

 

"missing arguments to method"

Aruba

Re: Session limit trigger

There is no method "GetUserSession", so I'm not sure what the second example is trying to achieve.

 

The "username" argument is needed for "GetUserActiveSessions".

 

The "from_time" argument is needed for "GetIpAddressSessions".

 

Without these arguments, you are going to get an error.  You need to provide the appropriate value when you call the function.
