11-10-2020 02:25 AM - edited 07-05-2021 12:46 PM
Good morning,
I have a 3500 series WLC with 8.5.131.0 version software connected to a FreeRadius server (with Daloradius GUI).
I would like to know if is it possible to manage the number of devices connected on a specific SSID, limiting each username to one only device.
I'm not capable of handling simultaneous logins number via radius server, so, since I can see the username used to connect in the Clients tab of WLC, I was wondering if I have the chance to use this information to limit logins to 1 device only per user name.
Thank you in advance.
G
Solved! Go to Solution.
11-10-2020 02:37 AM
11-10-2020 10:35 AM
For those that end up with this same issue:
Set User Login Policies to 1 as @Leo Laohoo said, then go to Security>Advanced EAP to disable max-login-ignore-identity-response.
Devices that were logged in BEFORE the policy was enforced will not be kicked out and are not counted toward reaching the max-1-login-per-user limit, so you still have one empty slot to log another device.
Be sure to test these settings using at least 2 different devices to be sure that everything is working as expected.
11-10-2020 02:37 AM
11-10-2020 02:44 AM
Hi Leo,
thank you for answering. I've already found this tip in the forum, but it didn't work. I must also say that the user we used for test purpose had already 2 devices logged in (which didn't get disconnected), and was also able to add a third one.
The culprit may be related to this: "1. When using 802.1X security make sure max-login-ignore-identity-response is disabled"
I can't find this setting in the GUI.
Can you help me with that?
Do I have to do something in paritcular after limiting Login to 1 to test it out?
11-10-2020 10:35 AM
For those that end up with this same issue:
Set User Login Policies to 1 as @Leo Laohoo said, then go to Security>Advanced EAP to disable max-login-ignore-identity-response.
Devices that were logged in BEFORE the policy was enforced will not be kicked out and are not counted toward reaching the max-1-login-per-user limit, so you still have one empty slot to log another device.
Be sure to test these settings using at least 2 different devices to be sure that everything is working as expected.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide