Controllerless Networks

Hi all,

this is my first 'contribution' in Airheads.

Recently, I have PoC and my customer wants to do 'single login on single device only' on IAP environment. Is it possible?

If not, is it possible in any other Aruba envis?

Thank you.

Not too sure you are referring to single single for all application after authentication, if yes check out the latest Clearpass should be 6.4 then it wil lhave single signon for application after you autehnticate via it.

If you are simply referring to the wireless client authenticating then yes............once on the IAP network it will remain authenticated and will have seamless roaming between all IAPs in the network.

Instant APs form a group / cluster.  One of the IAPs behaves in a similar fashion to our controller appliances and it becomes the "Virtual Controller" (VC) and the VC manages the group and is the single point of configuration and monitoring for the group.

If using a pre-shared key it is configured on the VC and all members get this as part of the config.  If using 802.1x the VC becomes the "Authenticator" and is the Radius Proxy that talks to the Radius server.

Hello all,

thank you for replying,

I'm actually referring to this condition:

Username "A" cannot do logging in twice at the same time. From the perspective of the controller or IAP, I don't want to see this:

Username               ||       OS

---------------------------------------------------------------------

ber23empat                     Android

ber23empat                     Windows

ber23empat                     IOS

that's what I meant, and sorry if my explanation is wrongfully misinterpreted.

Thank you again.

From what I know it was not possible on IAP, it is possible to do it on the controller.

depending on the type of network and authentication i believe it might even be tricky on only a controller. with a guest network you can enable single user login. but with dot1x i dont think it is possible without support on the radius server.