This article explains how to restrict the number of active sessions per user for different authentication methods (802.1X and captive portal).
For 802.1X authentication, there is no means of restricting the active sessions per user, meaning a user can log on to multiple client devices at the same time.
However, for the captive portal authentication method, the number of active sessions per user can be restricted to 1. This number cannot be changed to any other value.
Environment: This article applies to all controller models and AOS versions 5.0 and higher.
WebUI:
- Navigate to Configuration > Authentication > L3 Authentication > Captive Portal Authentication
- Click the relevant captive portal profile
- Enable the “Allow only one active user session” checkbox
CLI:
(NS-Aruba-3200) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(NS-Aruba-3200) (config) #aaa authentication captive-portal default
(NS-Aruba-3200) (Captive Portal Authentication Profile "default") #single-session
(NS-Aruba-3200) (Captive Portal Authentication Profile "default") #end
(NS-Aruba-3200) #
(NS-Aruba-3200) #show aaa authentication captive-portal default
Captive Portal Authentication Profile "default"
-----------------------------------------------
Parameter                                           Value
---------                                           -----
Default Role                                        guest
Default Guest Role                                  guest
Server Group                                        default
Redirect Pause                                      10 sec
User Login                                          Enabled
Guest Login                                         Disabled
Logout popup window                                 Enabled
Use HTTP for authentication                         Disabled
Logon wait minimum wait                             5 sec
Logon wait maximum wait                             10 sec
logon wait CPU utilization threshold                60 %
Max Authentication failures                         0
Show FQDN                                           Disabled
Authentication Protocol                             PAP
Login page                                          /auth/index.html
Welcome page                                        /auth/welcome.html
Show Welcome Page                                   Yes
Add switch IP address in the redirection URL        Disabled
Adding user vlan in redirection URL                 Disabled
Add a controller interface in the redirection URL   N/A
Allow only one active user session                  Enabled
White List                                          N/A
Black List                                          N/A
Show the acceptable use policy page                 Disabled
User idle timeout                                   N/A
Redirect URL                                        N/A
Bypass Apple Captive Network Assistant              Disabled
(NS-Aruba-3200) #
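
To check the setting across several captive portal profiles, the saved output of the show command above can be parsed offline. The following is an added example, not part of the original article or any Aruba tooling; the function names and the profile names "guest-cp" and "lab-cp" are hypothetical, and the sample capture is constructed.

```python
import re

# Label exactly as printed by "show aaa authentication captive-portal <profile>".
LABEL = "Allow only one active user session"
# Anchored at line start so CLI prompt lines that embed the profile name are ignored.
HEADING = re.compile(r'^Captive Portal Authentication Profile "([^"]+)"$')

def single_session_status(show_output):
    """Map each profile to True (Enabled), False (Disabled) or None (not found)."""
    status, current = {}, None
    for raw in show_output.splitlines():
        line = raw.strip()
        match = HEADING.match(line)
        if match:
            current = match.group(1)
            status[current] = None
        elif current is not None and line.startswith(LABEL):
            value = line[len(LABEL):].strip().lower()
            if value in ("enabled", "disabled"):
                status[current] = value == "enabled"
    return status

def profiles_to_review(show_output):
    """Profiles where single-session is not confirmed as Enabled."""
    return sorted(n for n, on in single_session_status(show_output).items() if on is not True)

# Constructed sample capture; "guest-cp" and "lab-cp" are made-up profile names.
SAMPLE = '''\
(NS-Aruba-3200) #show aaa authentication captive-portal default
Captive Portal Authentication Profile "default"
-----------------------------------------------
Parameter Value
--------- -----
Default Role guest
Allow only one active user session Enabled
(NS-Aruba-3200) (Captive Portal Authentication Profile "default") #end
(NS-Aruba-3200) #show aaa authentication captive-portal guest-cp
Captive Portal Authentication Profile "guest-cp"
Default Role                          guest
Allow only one active user session    Disabled
(NS-Aruba-3200) #show aaa authentication captive-portal lab-cp
Captive Portal Authentication Profile "lab-cp"
Default Role guest
'''

if __name__ == "__main__":
    for name in profiles_to_review(SAMPLE):
        print(f"review captive portal profile: {name}")
```

A profile whose output lacks the parameter line is reported for review rather than assumed compliant, so a truncated capture does not pass silently.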