Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Max TCP/UDP transmissions per user defined within a time limit.?

  • 1.  Max TCP/UDP transmissions per user defined within a time limit.?

    Posted Jan 20, 2015 01:14 PM

    In my scenario, a network where an external captive portal is hosted, a user connects to SSID A, is put in the pre-authentication role and starts sending a massive amount of traffic to the datacenter where the external captive portal is hosted, without ever requesting the portal or going to the post-authentication role.

    I cannot seem to find this in any documentation. Not sure if this exists in ClearPass, but there is no ClearPass in this example.

    What I am trying to do here is find out whether user-roles or AAA profiles support the ability to set a threshold of, let's say, 100,000 TCP transmissions, and if this user has sent this many packets within the last 5 min, deny that user access from the internet or move them into a role where deny all is the first line, something along those lines.

    The only thing I know of is max sessions within the user role, but that is not quite what I am looking for.

    Thanks,



  • 2.  RE: Max TCP/UDP transmissions per user defined within a time limit.?

    Posted Jan 20, 2015 01:18 PM

    Just found this in the AOS 6.4 user guide; maybe this is what I am looking for.

    Capture.JPG

    EDIT: If this is what I am looking for, then what mechanism can notify me? I don't see anything in the SNMP trap list or syslog guide.



  • 3.  RE: Max TCP/UDP transmissions per user defined within a time limit.?

    EMPLOYEE
    Posted Jan 20, 2015 01:42 PM

    Pmonardo,

    You can try putting the "sessions" limit in the "logon" role for that Captive Portal. Experiment with the number. We have seen 100 sometimes be too little.



  • 4.  RE: Max TCP/UDP transmissions per user defined within a time limit.?

    Posted Jan 20, 2015 01:57 PM
    Thanks, we had it at 200 at one point and that was too little. Users weren't getting the portal.

    Too many users on this network.

    For the firewall options, any way to be alerted if those are triggered?


  • 5.  RE: Max TCP/UDP transmissions per user defined within a time limit.?

    Posted Jan 20, 2015 10:03 PM
    Why not allow only HTTP, HTTPS, DNS and DHCP in pre-auth and deny anything else?
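
    One way to put the two suggestions in this thread together (the sessions limit on the logon role from reply 3 and the restricted pre-auth role from reply 5) is the ArubaOS 6.x configuration below. It is an added illustration, not configuration posted in the thread; the netdestination name, the portal address 192.0.2.10, the ACL names and the session limit of 500 are constructed values. It relies on the controller's built-in captiveportal ACL for the HTTP/HTTPS redirect, so the catch-all deny is applied after it.

```arubaos
! Added example (not from the thread): a logon role that caps sessions per
! client and only permits what an unauthenticated client needs to reach the
! external portal. 192.0.2.10 and the names below are constructed placeholders.
netdestination excap-portal
  host 192.0.2.10
!
! Pre-auth allow list: DHCP, DNS and the external portal host only
ip access-list session excap-logon-control
  user any svc-dhcp permit
  user any svc-dns permit
  user alias excap-portal svc-http permit
  user alias excap-portal svc-https permit
!
! Catch-all applied last; "log" records matching sessions in the controller log,
! which gives a syslog trail for clients that push traffic beyond the allow list
ip access-list session excap-logon-deny
  user any any deny log
!
! Logon (pre-authentication) role: per-client session cap plus the ACLs in order;
! the built-in captiveportal ACL performs the redirect to the controller
user-role logon
  max-sessions 500
  access-list session excap-logon-control
  access-list session captiveportal
  access-list session excap-logon-deny
```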


  • 6.  RE: Max TCP/UDP transmissions per user defined within a time limit.?

    EMPLOYEE
    Posted Jan 20, 2015 11:56 PM

    pmonardo,

    What is the traffic you are seeing and what controller platform is this?



  • 7.  RE: Max TCP/UDP transmissions per user defined within a time limit.?

    Posted Jan 21, 2015 09:08 AM

    @Constantin,

    We do only allow a very limited amount in the pre-auth ACL role.

    We allow DHCP, DNS, certain URLs, walled-garden entries and redirection ports to the internal web server of the controller for redirection to our excap.


    @cjoseph wrote:

    pmonardo,

    What is the traffic you are seeing and what controller platform is this?


    The controllers are 3600s running 6.3.1.6.

    It seems the traffic was hitting one of our web servers (IIS); it looks like HTTP connections maxed out and TCP connections increased 4x. I am waiting for a colleague to come in to find out exactly the type of traffic.