Wireless Access

Reply
Occasional Contributor I
Posts: 7
Registered: ‎02-01-2013

Limit log in session

Is there an option in Aruba wireless controller to limit users/clients on the number of log on? Currently, 802.1x is configured alongside with RADIUS in Windows 2008 R2. We are using local accounts in the RADIUS server for authentication.

 

Frequent Contributor I
Posts: 126
Registered: ‎07-06-2010

Re: Limit log in session

I agree that this would be very helpful.  I would love to limit logins to 2 or 3.  But I can not find any way to do this...

Occasional Contributor I
Posts: 10
Registered: ‎02-13-2013

Re: Limit log in session

Try this: Change max-sessions from default 65535 to like 128 (under a user-role).

Contributor I
Posts: 26
Registered: ‎08-12-2009

Re: Limit log in session

forgive me if i am wrong but i am sure that setting is to do with firewall sessions. most web pages will make multiple firewall sessions and that will be all you are stopping. you wont be stopping a user from connecting multiple devices at once. I don't know of a way that you can with using just windows nps, you may be able to if you leverage off clearpass.
Occasional Contributor I
Posts: 7
Registered: ‎02-01-2013

Re: Limit log in session

Thanks to all who replied! 

 

About what revans said, I found the same information on this link http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Question-Re-User-role-amp-Max-Sessions/td-p/4487. It seems the max-session has nothing to do with the number of logins a user can have.

 

We ended up applying MAC authentication on the wireless controller AND use NPS in Windows 2008 R2, Both requirements should be met when a device is being registered. In this way, we can avoid the users to give out their own RADIUS credentials(just in case they crack it) to other users. 

 

 

Frequent Contributor I
Posts: 126
Registered: ‎07-06-2010

Re: Limit log in session

This really should just be a feature - all the information is already there we should be able to say allow a MAX of x simultanious logins.  I would not want to deal with collecting mac address from hundreds of students hudreds of different wireless devices they want to use on campus.  seems crazy... BUT I would like to set a limit to something reasonable like three devices.  

 

I think clear pass is really going to drive me crazy.... so much functionality I feel is being pushed as a seperate product (clear pass) though it fits well within the core product... 

Guru Elite
Posts: 21,262
Registered: ‎03-29-2007

Re: Limit log in session

Danstl,

 

The multiple sessions enforcement is normally a feature of radius servers.  Aruba does this, but only on the captive portal.  it is also not a typical feature provided by WLAN providers.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 126
Registered: ‎07-06-2010

Re: Limit log in session


cjoseph wrote:

Danstl,

 

The multiple sessions enforcement is normally a feature of radius servers.  Aruba does this, but only on the captive portal.  it is also not a typical feature provided by WLAN providers.

 


I understand this, but I think with the changing environment especially with BYOD expansion etc, it would be nice to have this functionality.  Like I said the aruba gear already knows who is logged in to the system, and it would seem to be an easy enhancement to simply allow only so many (admin defined) duplicate logins...  What was standard working operations two or three years ago is not whats happening now....

Guru Elite
Posts: 21,262
Registered: ‎03-29-2007

Re: Limit log in session


danstl wrote:

cjoseph wrote:

Danstl,

 

The multiple sessions enforcement is normally a feature of radius servers.  Aruba does this, but only on the captive portal.  it is also not a typical feature provided by WLAN providers.

 


I understand this, but I think with the changing environment especially with BYOD expansion etc, it would be nice to have this functionality.  Like I said the aruba gear already knows who is logged in to the system, and it would seem to be an easy enhancement to simply allow only so many (admin defined) duplicate logins...  What was standard working operations two or three years ago is not whats happening now....


Danstl,

 

You are correct.  Please log this in the Ideas portal so that it gains the visibility it needs.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: