Max concurrent logins for a specific WLAN on WLC via dot1x

Dominic Stalder (old profile) · ‎08-18-2011

Hi there

I am interested if there is a possibility to allow an user to login only once to a specific WLAN. I know the WLC feature "Max Concurrent Logins for a user name", but this is a global setting and I need it to be only applied to a specific WLAN.

Is there a RADIUS attribute which will help my to enforce this? If yes, how will this work:

1. Will the logged in WLAN session be disassociated and the new one is possible to login

or

2. Will the second login attempt be blocked

Thanks a lot and best regards

Dominic

Stephen Rodriguez · ‎08-18-2011

There is an attribute in ACS that checks the concurrent logins. If I'm remembering correctly, the second session would be denied access.

So for example, user john.smith logins on his PC/MBP, this will pass and he'll have access. Now he tries to access via his iPad, this will fail, as it's the second connection.

In the WLC, under the RADIUS config, there is a format for the message. You'd need to set this to ap-mac-ssid (or the similar setting) so that the WLC sends the SSID attribute to match on.

HTH,

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Dominic Stalder (old profile) · ‎08-19-2011

Hi Stephen

Thanks for your answer. I am gonna search this attribute on ACS and will post my solution here afterwards.

Regards

Dominic

Dominic Stalder (old profile) · ‎08-22-2011

As seen in the ACS 5.2 Release Notes:

The following features are not supported in ACS 5.2:

-Support for defining the maximum number of simultaneous sessions for a user or user group.

So there is no such feature available in 5.2, hopefully they implement it in 5.3.

Regards

ewood2624 · ‎08-27-2011

Does anyone know if the 5.3 release is still on track for mid-September?