Wireless Access

Regular Contributor I

Restrict Captive portal users

I don't think this can be done without clearpass but thought I'd put it out there to you guys and see what I get.


Customer wants an SSID that uses captive portal to authenticate users off of the internal database or Radius (doesn't matter which). Easy right? Well here is the catch, they only want the user to be able to log in with a single device.


Scenario is, they give each user their own unique username and password that will allow them to log on with a single device. After the controller sees that user logged on it would block any other request from that user until they log off the one connected device. This would prevent them from connecting multiple devices (phone, iPad, etc etc) and would stop them from giving there username and password to their buddy so they can share access.


I don't think this can be done with standalone controller without clearpass.... thoughts?

Regular Contributor I

Re: Restrict Captive portal users

Think I may have answered my own question.


Create a unique user role for each person.


In User Role set Max Sessions to 1


In Server Group for the SSID set Server Rules

Priority 1 Attribute Role Operation value-of Type String Action set role


I'm going to gen this up in my lab and see if it works.


Stay tuned.....

Regular Contributor I

Re: Restrict Captive portal users

This doesn't seem to be working...

Guru Elite

Re: Restrict Captive portal users

max sessions in the user role only corresponds to firewall traffic sessions, not simultaneous users.  Please do NOT touch that parameter!  In the Captive Portal Authentication Profile, use the "Allow only one active user session" parameter for what you want to achieve.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: