In my scenario, a network where an external captive portal is hosted, user connects to SSID A, is put in the pre-authentication role starts sending a massive amount of traffic to the datacenter of where the ex captive portal is hosted without ever requesting the portal or going to the post-authentication role.
I cannot seem to find this in any documentation. Not sure if this exists in clearpass but there is no clearpass in this example.
What I am trying to do here is find out whether user-roles or AAA profiles support the ability to set a threshold of let's say 100,000 TCP transmissions and if this user has sent this many packets within the last 5 min. Deny that user access from the internet or move them into a role where deny all is the first line something along those lines.
Only thing I know is max sessions within the user role but is not quite what I am looking for.
Thanks,