Wireless Access

We have a captive portal setup on our model 3200 controller. What I have been asked to do is limit a guest login to a specific machine so guests cant give out their login to others who should have access. I'm not sure where to start on this to make it happen.

#3200

Someone correct me if I am wrong, but I believe you want to set the "Max Sessions" attribute under the guest user role to "1".

 

From the UG:

 

Max Sessions

This configures a maximum number of sessions per user in this role. The default is 65535. You can configure any value between 0-65535.

I tried it with a 1 and it didnt help.

I realized I wasnt hitting the change button. It is now set to 1 user for the guest access network which is great but I'm needing to limit the users that can use a specific login. I want to have 10 logins and allow only 10 devices at a time. I dont want the same login used twice.

---

@praetorrian wrote:

I realized I wasnt hitting the change button. It is now set to 1 user for the guest access network which is great but I'm needing to limit the users that can use a specific login. I want to have 10 logins and allow only 10 devices at a time. I dont want the same login used twice.

---

This will allow each user that gets the "guest" role to only login on 1 device with his/her guest login account. I do not know if there is a way to limit the system to only 10 guest login account connections at a time. You could limit the DHCP pool to only 10 addresses, assuming you are using a separate DHCP pool for guests.

That sounds like what I want but the behavior I'm seeing when I set it to 1 is only a single user can get on the guest network. Once a second person tries they just get a timeout message when they open their browser.

Are they all using the same login?

The second user never gets to the captive portal screen. It just times out.

Right! Because guest is the default role prior to login. Ah. You probably just need to create a new guest role. Make that the role that the guest accounts get. Then set that role to 1 max sessions.

Max sessions is the number of firewall sessions in a role, NOT the number of users.  If you set this parameter to one, only a single user can pass any traffic to a single host, locking everyone else out.  This is NOT what you want.  Please change that parameter back to 65536.

 

 In the Captive Portal Authentication profile, you can use the "Allow only one active user session" parameter so that users can only use their login once when logging into the Captive Portal.  Go to Configuration> Security> Authentication> L3 Authentication> Captive Portal Authentication Profile.  Choose the Captive Portal Authentication Profile that applies to your WLAN and enable the "Allow only one active user session" parameter.  This will allow a user to use his login only once.  There is nothing to limit a user to 10 logins.

yes using internal controller's CP, you ca neither have 1 user user session or many. If you want to restrict the active user sessions to say 10, you need to do this with an external CP like Amigopd.

This worked. Thank you very much.

 

Praettorian,

 

Glad to hear it works.  Please mark the thread "Solved" when you can.

Ah, thanks Colin. Should probably change the wording in the UG and CRG then, making it "firewall sessions"

User sessions is a bit ambiguous.

It could use some clarification.  We will notify the documentation team.