It might be that we are not thinking the same, and I am not really the smartest apple on the tree. We use username/password combo's but only to grab the via profile. We are not using wireless at all. The controller's purpose is to terminate VPN Tunnels using via. Authentication method is certificates. I want to limit one certificate per device so that two devices cannot authenticate at the same time using the same certificate. Devices being Aruba VIA running on a Linux Workstation. And thank you so much for looking at this for me.