Wireless Access

Reply
Contributor I
Posts: 51
Registered: ‎12-29-2011

Limiting Guest Access

We have a captive portal setup on our model 3200 controller. What I have been asked to do is limit a guest login to a specific machine so guests cant give out their login to others who should have access. I'm not sure where to start on this to make it happen.

Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Limiting Guest Access

Someone correct me if I am wrong, but I believe you want to set the "Max Sessions" attribute under the guest user role to "1".

 

From the UG:

 

Max Sessions

This configures a maximum number of sessions per user in this role. The default is 65535. You can configure any value between 0-65535.

Thanks,

Zach Jennings
Contributor I
Posts: 51
Registered: ‎12-29-2011

Re: Limiting Guest Access

I tried it with a 1 and it didnt help.

Contributor I
Posts: 51
Registered: ‎12-29-2011

Re: Limiting Guest Access

I realized I wasnt hitting the change button. It is now set to 1 user for the guest access network which is great but I'm needing to limit the users that can use a specific login. I want to have 10 logins and allow only 10 devices at a time. I dont want the same login used twice.

Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Limiting Guest Access


praetorrian wrote:

I realized I wasnt hitting the change button. It is now set to 1 user for the guest access network which is great but I'm needing to limit the users that can use a specific login. I want to have 10 logins and allow only 10 devices at a time. I dont want the same login used twice.


This will allow each user that gets the "guest" role to only login on 1 device with his/her guest login account. I do not know if there is a way to limit the system to only 10 guest login account connections at a time. You could limit the DHCP pool to only 10 addresses, assuming you are using a separate DHCP pool for guests.

Thanks,

Zach Jennings
Contributor I
Posts: 51
Registered: ‎12-29-2011

Re: Limiting Guest Access

That sounds like what I want but the behavior I'm seeing when I set it to 1 is only a single user can get on the guest network. Once a second person tries they just get a timeout message when they open their browser.

Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Limiting Guest Access

Are they all using the same login?
Thanks,

Zach Jennings
Contributor I
Posts: 51
Registered: ‎12-29-2011

Re: Limiting Guest Access

The second user never gets to the captive portal screen. It just times out.

Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Limiting Guest Access

Right! Because guest is the default role prior to login. Ah. You probably just need to create a new guest role. Make that the role that the guest accounts get. Then set that role to 1 max sessions.
Thanks,

Zach Jennings
Guru Elite
Posts: 21,272
Registered: ‎03-29-2007

Re: Limiting Guest Access

Max sessions is the number of firewall sessions in a role, NOT the number of users.  If you set this parameter to one, only a single user can pass any traffic to a single host, locking everyone else out.  This is NOT what you want.  Please change that parameter back to 65536.

 

 In the Captive Portal Authentication profile, you can use the "Allow only one active user session" parameter so that users can only use their login once when logging into the Captive Portal.  Go to Configuration> Security> Authentication> L3 Authentication> Captive Portal Authentication Profile.  Choose the Captive Portal Authentication Profile that applies to your WLAN and enable the "Allow only one active user session" parameter.  This will allow a user to use his login only once.  There is nothing to limit a user to 10 logins.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: