Controller Based WLANs

 View Only
last person joined: one year ago 

APs, Controllers, VIA
Back to Library

How do we restrict the number of active sessions per user for 802.1x and Captive portal authentication methods? 

Jul 16, 2014 03:17 PM

This article explain means of restricting the active sessions per user for different authentication methods (dot1x and captive portal).

 

For 802.1x authentication, there is no means of restricting the active sessions per user, meaning, a user can log on to multiple client devices at the same time.

 

However, for captive portal authentication method, we can restrict number of active sessions per user to 1. We cannot change this number to anything else.

 

Environment : This article applies to all controller models and AOS versions 5.0 and higher.

 

WebUI:

  1. Navigate to Configuration> Authentication> L3 Authentication> Captive Portal Authentication
  2. Click the relevant captive portal profile
  3. Enable “Allow only one active user session” checkbox

rtaImage.png

 

CLI

(NS-Aruba-3200) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
 
(NS-Aruba-3200) (config) #aaa authentication captive-portal default
 
(NS-Aruba-3200) (Captive Portal Authentication Profile "default") #single-session
(NS-Aruba-3200) (Captive Portal Authentication Profile "default") #end
(NS-Aruba-3200) #

 

 

(NS-Aruba-3200) #show aaa authentication captive-portal default
 
Captive Portal Authentication Profile "default"
-----------------------------------------------
Parameter                                          Value
---------                                          -----
Default Role                                       guest
Default Guest Role                                 guest
Server Group                                       default
Redirect Pause                                     10 sec
User Login                                         Enabled
Guest Login                                        Disabled
Logout popup window                                Enabled
Use HTTP for authentication                        Disabled
Logon wait minimum wait                            5 sec
Logon wait maximum wait                            10 sec
logon wait CPU utilization threshold               60 %
Max Authentication failures                        0
Show FQDN                                          Disabled
Authentication Protocol                            PAP
Login page                                         /auth/index.html
Welcome page                                       /auth/welcome.html
Show Welcome Page                                  Yes
Add switch IP address in the redirection URL       Disabled
Adding user vlan in redirection URL                Disabled
Add a controller interface in the redirection URL  N/A
Allow only one active user session                 Enabled
White List                                         N/A
Black List                                         N/A
Show the acceptable use policy page                Disabled
User idle timeout                                  N/A
Redirect URL                                       N/A
Bypass Apple Captive Network Assistant             Disabled
 
(NS-Aruba-3200) #

 

Statistics
0 Favorited
18 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.