Wireless Access


Max TCP/UDP transmissions per user defined within a time limit?

In my scenario, a network where an external captive portal is hosted: a user connects to SSID A, is put in the pre-authentication role, and starts sending a massive amount of traffic to the datacenter where the external captive portal is hosted, without ever requesting the portal or moving to the post-authentication role.

I cannot seem to find this in any documentation. Not sure if this exists in ClearPass, but there is no ClearPass in this example.

What I am trying to do here is find out whether user-roles or AAA profiles support setting a threshold of, let's say, 100,000 TCP transmissions, and if a user has sent this many packets within the last 5 minutes, deny that user access to the internet or move them into a role where deny-all is the first line, something along those lines.

The only thing I know of is max sessions within the user role, but that is not quite what I am looking for.

Thanks,

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
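The per-client threshold described in the post above, as an added example that is not from the thread or from ArubaOS: a sliding-window count over exported per-client flow records (the record format, client identifiers and counts are constructed for illustration), flagging any client that reaches the threshold within the window.

```python
"""Sliding-window per-client transmission detector (added example).

Not controller code: it shows the check the post asks for, run offline
over exported flow records of the constructed form
(epoch_seconds, client_id, transmissions_in_record).
"""
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, List, Tuple

Record = Tuple[int, str, int]


def find_offenders(records: Iterable[Record], threshold: int,
                   window_seconds: int) -> Dict[str, int]:
    """Return {client: peak_count} for every client whose transmissions
    inside some window of `window_seconds` reach `threshold`.

    Records must be sorted by timestamp. One deque per client keeps only
    the records still inside the window (ts - window_seconds, ts], so
    memory is bounded by the window, not by total record volume.
    """
    windows: Dict[str, Deque[Tuple[int, int]]] = defaultdict(deque)
    totals: Dict[str, int] = defaultdict(int)
    offenders: Dict[str, int] = {}
    for ts, client, n in records:
        q = windows[client]
        q.append((ts, n))
        totals[client] += n
        # Evict records that have aged out of the window.
        while q and q[0][0] <= ts - window_seconds:
            _, old_n = q.popleft()
            totals[client] -= old_n
        if totals[client] >= threshold:
            offenders[client] = max(offenders.get(client, 0), totals[client])
    return offenders


# Constructed sample: client 01 bursts 120,000 transmissions in 4 minutes,
# client 02 spreads 50,000 over 10 minutes, client 03 is nearly idle.
SAMPLE_RECORDS: List[Record] = (
    [(t, "aa:bb:cc:00:00:01", 30_000) for t in (0, 60, 120, 180)]
    + [(t, "aa:bb:cc:00:00:02", 5_000) for t in range(0, 600, 60)]
    + [(0, "aa:bb:cc:00:00:03", 12), (300, "aa:bb:cc:00:00:03", 9)]
)
SAMPLE_RECORDS.sort()

if __name__ == "__main__":
    # 100,000 transmissions within 5 minutes, the figures from the post.
    for client, peak in find_offenders(SAMPLE_RECORDS, 100_000, 300).items():
        print(f"{client}: {peak} transmissions in a 5-minute window")
```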

Re: Max TCP/UDP transmissions per user defined within a time limit?

Just found this in the AOS 6.4 user guide; maybe this is what I am looking for.

[Image: Capture.JPG]

EDIT: If this is what I am looking for, then what mechanism can notify me? I don't see anything in the SNMP trap list or syslog guide.

Pasquale Monardo | Senior Network Solutions Consultant

Re: Max TCP/UDP transmissions per user defined within a time limit?

Pmonardo,

You can try putting the "sessions" limit in the "logon" role for that Captive Portal. Experiment with the number. We have seen 100 sometimes be too little.

Colin Joseph
Aruba Customer Engineering

Re: Max TCP/UDP transmissions per user defined within a time limit?

Thanks, we had it at 200 at one point and that was too little. Users weren't getting the portal.

Too many users on this network.

For the firewall options, is there any way to be alerted if those are triggered?

Pasquale Monardo | Senior Network Solutions Consultant

Re: Max TCP/UDP transmissions per user defined within a time limit?

Why not allow only HTTP, HTTPS, DNS and DHCP in pre-auth and deny anything else?

Re: Max TCP/UDP transmissions per user defined within a time limit?

pmonardo,


What is the traffic you are seeing and what controller platform is this?

Colin Joseph
Aruba Customer Engineering

Re: Max TCP/UDP transmissions per user defined within a time limit?

@Constantin,

We do only allow a very limited amount in the pre-auth ACL role.

We allow DHCP, DNS, certain URLs, walled-garden entries and redirection ports to the internal web server of the controller for redirection to our ExCap.

cjoseph wrote:

    pmonardo,

    What is the traffic you are seeing and what controller platform is this?

The controllers are 3600s running 6.3.1.6.

It seems the traffic was hitting one of our web servers (IIS); it looks like HTTP connections maxed out and TCP connections increased to 4x the usual amount. I am waiting for a colleague to come in to find out exactly the type of traffic.

Pasquale Monardo | Senior Network Solutions Consultant