Wireless Access

Reply
Regular Contributor I
Posts: 231
Registered: ‎05-04-2011

Restrict Captive portal users

I don't think this can be done without clearpass but thought I'd put it out there to you guys and see what I get.

 

Customer wants an SSID that uses captive portal to authenticate users off of the internal database or Radius (doesn't matter which). Easy right? Well here is the catch, they only want the user to be able to log in with a single device.

 

Scenario is, they give each user their own unique username and password that will allow them to log on with a single device. After the controller sees that user logged on it would block any other request from that user until they log off the one connected device. This would prevent them from connecting multiple devices (phone, iPad, etc etc) and would stop them from giving there username and password to their buddy so they can share access.

 

I don't think this can be done with standalone controller without clearpass.... thoughts?

Regular Contributor I
Posts: 231
Registered: ‎05-04-2011

Re: Restrict Captive portal users

Think I may have answered my own question.

 

Create a unique user role for each person.

 

In User Role set Max Sessions to 1

 

In Server Group for the SSID set Server Rules

Priority 1 Attribute Role Operation value-of Type String Action set role

 

I'm going to gen this up in my lab and see if it works.

 

Stay tuned.....

Regular Contributor I
Posts: 231
Registered: ‎05-04-2011

Re: Restrict Captive portal users

This doesn't seem to be working...

Guru Elite
Posts: 20,777
Registered: ‎03-29-2007

Re: Restrict Captive portal users

max sessions in the user role only corresponds to firewall traffic sessions, not simultaneous users.  Please do NOT touch that parameter!  In the Captive Portal Authentication Profile, use the "Allow only one active user session" parameter for what you want to achieve.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: