Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass - limit concurrent 802.1x sessions based on user role

  • 1.  ClearPass - limit concurrent 802.1x sessions based on user role

    Posted Jul 25, 2014 12:06 AM

    Hi all,

     

    I'm trying to set up the following for a client:

     

    They would like staff to be able to connect (concurrently) 3 devices using 802.1x

    They would like students to be able to connect (concurrently) 2 devices using 802.1x

     

    Role derivation is based on AD attributes and works OK.

     

    What I'm struggling with is how to query the number of active sessions for the user during the authentication process.

     

    Am I better off having a concurrent session limit on the user role on the controller?

     

    Anybody got any pointers?

     

    Scott



  • 2.  RE: ClearPass - limit concurrent 802.1x sessions based on user role

    EMPLOYEE
    Posted Jul 25, 2014 08:28 AM

    Have you tried this in your policy?

     

    [Attached screenshot: pnggUERPm0aZL.png]



  • 3.  RE: ClearPass - limit concurrent 802.1x sessions based on user role

    EMPLOYEE
    Posted Jul 25, 2014 08:31 AM
    Do you have RADIUS accounting enabled?


  • 4.  RE: ClearPass - limit concurrent 802.1x sessions based on user role

    Posted Jul 27, 2014 04:50 PM

    Hi Seth,

    I haven't tried that yet. Wouldn't that just block you once the user has used more than 3 devices in total, rather than 3 concurrent devices?

     

    Tim,

     

    I have accounting enabled and can see the active sessions in ClearPass but just can't figure out the policy rules to query this. I have a feeling this may require SQL against Insight?

     

    Scott
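
Added example, not part of any post in this thread and not ClearPass configuration: a small Python model of the distinction raised above between devices seen in total and devices connected concurrently, counted from RADIUS accounting Start/Stop records. The class, function names and sample records are constructed for illustration; the limits of 3 (staff) and 2 (students) are the ones from the first post.

```python
from collections import defaultdict

ROLE_LIMITS = {"staff": 3, "student": 2}  # concurrent-device limits from the thread

class SessionTracker:
    """Open sessions per user, rebuilt from RADIUS accounting records."""

    def __init__(self):
        self.active = defaultdict(dict)  # user -> {Acct-Session-Id: device MAC}
        self.seen = defaultdict(set)     # user -> every device MAC ever seen

    def accounting(self, rec):
        user, sid = rec["User-Name"], rec["Acct-Session-Id"]
        mac = rec["Calling-Station-Id"]
        if rec["Acct-Status-Type"] in ("Start", "Interim-Update"):
            self.active[user][sid] = mac
            self.seen[user].add(mac)
        elif rec["Acct-Status-Type"] == "Stop":
            self.active[user].pop(sid, None)  # tolerate a Stop with no Start

    def concurrent_devices(self, user):
        return len(set(self.active[user].values()))

    def total_devices(self, user):
        return len(self.seen[user])

    def allow(self, user, role, mac):
        """Decision for a new authentication from device `mac`."""
        online = set(self.active[user].values())
        if mac in online:  # re-authentication of an already connected device
            return True
        return len(online) < ROLE_LIMITS[role]

def rec(status, user, sid, mac):
    return {"Acct-Status-Type": status, "User-Name": user,
            "Acct-Session-Id": sid, "Calling-Station-Id": mac}

def replay_sample():
    """Constructed records: two devices connect, one disconnects, a third connects."""
    t = SessionTracker()
    for r in (rec("Start", "student1", "s1", "aa-bb-cc-00-00-01"),
              rec("Start", "student1", "s2", "aa-bb-cc-00-00-02"),
              rec("Stop", "student1", "s1", "aa-bb-cc-00-00-01"),
              rec("Start", "student1", "s3", "aa-bb-cc-00-00-03")):
        t.accounting(r)
    return t

if __name__ == "__main__":
    t = replay_sample()
    print(t.concurrent_devices("student1"), t.total_devices("student1"))
```

A session whose Stop record never arrives stays counted as active in this model, so a real deployment also needs a stale-session timeout or interim-update check.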