Occasional Contributor I

Terminating clients after exceeding the daily limit

We'd like to set a daily limit on data traffic for the guest clients. We've already set up RADIUS accounting, which is working well, but we don't know how to terminate the client after he exceeds the limit. As I read in some documents, it should be realized by RADIUS CoA. Unfortunately I'm an Aruba novice and I'm not yet familiar with CPPM's philosophy. I read the accounting TN for Amigopod, but CPPM has a different GUI for setting the policies, so it doesn't help me. Could somebody give me some advice or a workflow for how to set the profiles, policies, etc. in CPPM, please?

Aruba

Re: Terminating clients after exceeding the daily limit

You will want to create a post-authentication enforcement profile ("Session Restrictions Enforcement"), and apply this to the sessions that should be restricted.

 

The options in the enforcement profile are hopefully self-explanatory: you can set Post-Auth-Check : Action = Disconnect, and then appropriate values for Bandwidth-Check : Check-Type = Daily, Bandwidth-Check : Allowed-Limit = 50, Bandwidth-Check : Limit-Units = MB.

 

 

Occasional Contributor II

Re: Terminating clients after exceeding the daily limit

Hello amigodave.

 

This works fine for me.

Can I change the user-role on the mobility controller when the user reaches his data limit?

The reason is that the user is not disconnected, but he is dropped to a user-role (e.g.) with lower bandwidth?

 

Regards


Jaroslav

 

Occasional Contributor II

Re: Terminating clients after exceeding the daily limit

Apologies for digging out an old post...

 

Is there anything special required to deploy this on Aruba Instant? I've set up a profile with the attributes you have suggested below, they are assigned to a policy, yet my users are fully capable of downloading past their Allowed-Limit.

Any suggestions?

MVP

Re: Terminating clients after exceeding the daily limit

Well - you need to have CoA and Radius Interim Accounting configured. With that in place it should work.

You can check an account in Access Tracker to verify that RADIUS Accounting is going on, and whether any CoA has been fired off.

 

 


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
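
Added illustration, not part of the thread and not ClearPass's own code: the daily-limit decision that interim accounting has to feed before any CoA disconnect can fire. The record layout, the UTC calendar-day window and 1 MB = 2**20 bytes are assumptions made for this example; a session spanning midnight is simply attributed to the day of its newest update.

```python
from collections import defaultdict
from datetime import datetime, timezone

LIMIT_BYTES = 50 * 1024 * 1024  # assumption: Allowed-Limit = 50, Limit-Units = MB

# Constructed interim accounting updates (not captured traffic):
# (user, Acct-Session-Id, epoch time, Acct-Input-Octets, Acct-Input-Gigawords,
#  Acct-Output-Octets, Acct-Output-Gigawords)
SAMPLE_UPDATES = [
    ("guest1", "s1", 1700000000, 10_000_000, 0, 20_000_000, 0),
    ("guest1", "s1", 1700000600, 15_000_000, 0, 30_000_000, 0),  # same session, cumulative
    ("guest1", "s2", 1700003600, 5_000_000, 0, 6_000_000, 0),    # reconnect, new session
    ("guest2", "s3", 1700000000, 1_000_000, 0, 2_000_000, 0),
    ("guest3", "s4", 1700000000, 100, 1, 0, 0),                  # 32-bit counter wrapped once
]

def session_bytes(in_oct, in_gw, out_oct, out_gw):
    """Total bytes for a session; Gigawords count 2**32 wraps of the octet counters."""
    return (in_gw << 32) + in_oct + (out_gw << 32) + out_oct

def daily_usage(updates):
    """Return {(user, UTC date): bytes}, counting only the newest update per session."""
    latest = {}
    for user, sid, ts, in_oct, in_gw, out_oct, out_gw in updates:
        key = (user, sid)
        # Interim counters are cumulative per session: keep the newest, never sum them.
        if key not in latest or ts > latest[key][0]:
            latest[key] = (ts, session_bytes(in_oct, in_gw, out_oct, out_gw))
    usage = defaultdict(int)
    for (user, _sid), (ts, total) in latest.items():
        day = datetime.fromtimestamp(ts, tz=timezone.utc).date()
        usage[(user, day)] += total  # separate sessions on the same day do add up
    return dict(usage)

def over_limit(updates, limit=LIMIT_BYTES):
    """Users whose daily total exceeds the limit, i.e. candidates for a disconnect."""
    return sorted({user for (user, _day), used in daily_usage(updates).items()
                   if used > limit})
```

Without interim updates the total is only known at Accounting-Stop, so a client that stays connected would never be evaluated against the limit mid-session.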
Occasional Contributor II

Re: Terminating clients after exceeding the daily limit

I know for sure that accounting is enabled; it's how I am able to check that the client has downloaded more than their limit (CPPM Guest -> Active Session and also in Access Tracker).

I'll check CoA. I know it's enabled on the IAP, as well as RFC3576 (default config).

 

Is there anything else I should check?

Actually, how do I check CoA is enabled?

Guru Elite

Re: Terminating clients after exceeding the daily limit

You can either look for the CoA tab in Access Tracker or find an Access Tracker entry and click the Change Status button to initiate a CoA. It will tell you if it was successful or not.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Terminating clients after exceeding the daily limit

OK.

There is no CoA tab under Access Tracker (I get Summary, Input, Output and Accounting) and the only option under "Change Status" is "Server Action" (the others are greyed out).

 

So I'm assuming CoA is not enabled.

Guru Elite

Re: Terminating clients after exceeding the daily limit

You'll want to enable RADIUS CoA for each of your NADs that you want to have the CoA functionality. You can do this under Configuration > Network > Devices, click on a device and then check the RADIUS CoA box.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Terminating clients after exceeding the daily limit

Yep, that's already done.

Is there a difference between RADIUS CoA on CPPM and AirGroup CoA on IAPs? If not, I'm assuming these should be on the same port?
