Wireless Access

Is there an option in Aruba wireless controller to limit users/clients on the number of log on? Currently, 802.1x is configured alongside with RADIUS in Windows 2008 R2. We are using local accounts in the RADIUS server for authentication.

 

I agree that this would be very helpful.  I would love to limit logins to 2 or 3.  But I can not find any way to do this...

Try this: Change max-sessions from default 65535 to like 128 (under a user-role).

forgive me if i am wrong but i am sure that setting is to do with firewall sessions. most web pages will make multiple firewall sessions and that will be all you are stopping. you wont be stopping a user from connecting multiple devices at once. I don't know of a way that you can with using just windows nps, you may be able to if you leverage off clearpass.

Thanks to all who replied! 

 

About what revans said, I found the same information on this link http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Question-Re-User-role-amp-Max-Sessions/td-p/4487. It seems the max-session has nothing to do with the number of logins a user can have.

 

We ended up applying MAC authentication on the wireless controller AND use NPS in Windows 2008 R2, Both requirements should be met when a device is being registered. In this way, we can avoid the users to give out their own RADIUS credentials(just in case they crack it) to other users. 

 

 

This really should just be a feature - all the information is already there we should be able to say allow a MAX of x simultanious logins.  I would not want to deal with collecting mac address from hundreds of students hudreds of different wireless devices they want to use on campus.  seems crazy... BUT I would like to set a limit to something reasonable like three devices.  

 

I think clear pass is really going to drive me crazy.... so much functionality I feel is being pushed as a seperate product (clear pass) though it fits well within the core product... 

Danstl,

 

The multiple sessions enforcement is normally a feature of radius servers.  Aruba does this, but only on the captive portal.  it is also not a typical feature provided by WLAN providers.

 

---

@cjoseph wrote:

Danstl,

 

The multiple sessions enforcement is normally a feature of radius servers.  Aruba does this, but only on the captive portal.  it is also not a typical feature provided by WLAN providers.

 

---

I understand this, but I think with the changing environment especially with BYOD expansion etc, it would be nice to have this functionality.  Like I said the aruba gear already knows who is logged in to the system, and it would seem to be an easy enhancement to simply allow only so many (admin defined) duplicate logins...  What was standard working operations two or three years ago is not whats happening now....

---

@danstl wrote:

---

@cjoseph wrote:

Danstl,

 

The multiple sessions enforcement is normally a feature of radius servers.  Aruba does this, but only on the captive portal.  it is also not a typical feature provided by WLAN providers.

 

---

I understand this, but I think with the changing environment especially with BYOD expansion etc, it would be nice to have this functionality.  Like I said the aruba gear already knows who is logged in to the system, and it would seem to be an easy enhancement to simply allow only so many (admin defined) duplicate logins...  What was standard working operations two or three years ago is not whats happening now....

---

Danstl,

 

You are correct.  Please log this in the Ideas portal so that it gains the visibility it needs.

 

Solo para comentar. En un controlador Cisco, hacer eso que buscamos con Aruba,  es tan sencillo como ir a la opción seguridad -- políticas de login de usuario, y especificar el numero de login que queremos por usuario. No se por que en Aruba no esta contemplado esto de una manera fácil.