Higher Education

last person joined: 13 hours ago 

Got questions on how to enable mobility in education? Submit them here!
Expand all | Collapse all

Limit number of devices per user?

  • 1.  Limit number of devices per user?

    Posted Apr 14, 2015 10:33 AM

    Is there a way in the Aruba OS to set a limit on how many devices can be used by a particular user?

     

    We do not have Clearpass. 



  • 2.  RE: Limit number of devices per user?

    Posted Apr 14, 2015 10:49 AM

    Captive portal ?



  • 3.  RE: Limit number of devices per user?

    Posted Apr 14, 2015 10:55 AM

    We use both Captive Portal and 802.1X. I'd want the limit to apply across both authentication methods. 

     

     

    The reasoning behind this is that recently we had an incident where a set of credentials for a teacher got out into the student population. The teacher role does not get shut off at night unlike the student role. As soon as the kids figured this out, it spread like wildfire. Pretty soon we had 419 devices using the same login credentials. I'd like to set a hard limit for any user so that they can only have a fixed number of devices authenticated and connected at any point. 



  • 4.  RE: Limit number of devices per user?

    Posted Apr 14, 2015 11:01 AM

    Here's your answer for the Captive Portal that is if you are using different usernames , instead of a just an accept terms and condition page with a generic username:

    http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-we-restrict-the-number-of-active-sessions-per-user-for/ta-p/186978

     

    Unfortunately there's no way to do this with 802.1X on the controller side of things without having a policy engine like ClearPass 



  • 5.  RE: Limit number of devices per user?

    Posted Apr 14, 2015 11:34 AM

    Do you have the steps to configure the Clearpass service to limit the amount of Simultaneous users? 



  • 6.  RE: Limit number of devices per user?

    Posted Apr 14, 2015 01:54 PM

    @nilslau03 wrote:

    Do you have the steps to configure the Clearpass service to limit the amount of Simultaneous users? 


    To do this from ClearPass:

    - Add the Endpoint Database as your Authorization Source

    - Then create a post authentication profile that updates the endpoint repository with the username

    - Then in the policy add the Endpoint > Unique Device Count as condition to allow access



  • 7.  RE: Limit number of devices per user?

    Posted Apr 14, 2015 12:10 PM

    What radius server do you use for your dot1x auth?



  • 8.  RE: Limit number of devices per user?

    Posted Apr 14, 2015 12:24 PM

    Windows Server 2012 NPS



  • 9.  RE: Limit number of devices per user?

    Posted Sep 24, 2015 02:08 PM

    And... how to do it without ClearPa$$$$$???

     

    I have the same case. (NPS)

     

    Regards.



  • 10.  RE: Limit number of devices per user?

    Posted Sep 24, 2015 02:09 PM

    This type of functionality is not available in NPS.



  • 11.  RE: Limit number of devices per user?

    Posted Aug 18, 2017 11:47 AM

    Hi, 

     

    Any news?

    Will there be in Aruba (HPE) some kind of strategy that will allow an educational organization (public university) in a developing country (low-income) to acquire the ClearPass to make this important requirement?

    Are there any other alternatives to ClearPa $$?

    Or are customers destined to be unable to comply with this (which Aruba itself "recommends" as "should be done") for lack of resources?

    Dominic Orr please tell us if you read, I heard you sometimes and this seems to be only at the level of visionaries ... (I heard you at a conference ...)

     

    Best regards.

     

     



  • 12.  RE: Limit number of devices per user?

    Posted Aug 18, 2017 11:50 AM

    Please work with your local Aruba team.



  • 13.  RE: Limit number of devices per user?

    Posted Aug 18, 2017 11:56 AM

    :/ thanks... but... No $$$ -> No win-win.  Seems like we need "out of country" level guys...



  • 14.  RE: Limit number of devices per user?

    Posted Aug 18, 2017 11:58 AM

    Suggestion:

     

    Between the Aruba product and Radius create a radius forwarder - that checks number of active sessions on the controller with that username and if the limit is reached the point in between would send back a reject - or forward it to the Radius to check the creds. (This should be preatty easy to obtain with a python DEV and a DB on the radius forwarder that would keep the number of connections active status from the controller).

    Forgot to add - in order to let's say prevent a user that has connection issues to be able to reconnect fast in the forwarder you would keep the number of connections and MAC's of each device - and if a device that has already an active session is trying again you would allow - given that the refresh in the DB from the controller would happen every certain min. 

    Good luck.



  • 15.  RE: Limit number of devices per user?

    Posted Aug 18, 2017 12:03 PM

    @Homerodesepcionado wrote:

    And... how to do it without ClearPa$$$$$???

     

    I have the same case. (NPS)

     

    Regards.



    Since ClearPass is based off FreeRADIUS and a database, are free to design your own solution around the building blocks for free or low cost.

     

    We pay for the design & product reliability support from ClearPass but other lower cost options exist.

    It depends on how motivated you are to have a solution.



  • 16.  RE: Limit number of devices per user?

    Posted Aug 18, 2017 12:05 PM

    I think you nailed it Bruce.

     

    For the cost of hiring a developer as mentioned earlier, you could probably purchase ClearPass.



  • 17.  RE: Limit number of devices per user?

    Posted Aug 18, 2017 12:20 PM

    Very true Tim,

     

    Also, compared to other solutions, Clearpass is very feature rich and reasonably priced.  Whoever started the phrase "You get what you pay for" was spot on.  

     

    Jim



  • 18.  RE: Limit number of devices per user?

    Posted Aug 18, 2017 12:24 PM

    I didn't want to offend anyone .... Just wanted to provide another logical possibility to get to the desired solution if ClearPass is not an option.- And just as a reminder Aruba just started encourage the "network technicians" to look in to python + the work that I was suggesting is not necesary for a senior developeer - is very low end.



  • 19.  RE: Limit number of devices per user?

    Posted Aug 18, 2017 04:51 PM
    For what it's worth, we had looked at purchasing Clearpass in the past, and the licensing model was extremely expensive.

    We looked at it again recently, and were pleasantly surprised at the changes made to the model that made it much more affordable for our institution.

    Now, to figure out how to set it up with all that "free time" we have.

    -Patrick