11-15-2018 01:05 PM
Hello,
I'm trying to set up a configuration in HiveManager for one of our customers. We want to create a situation in which one user can only use one client to connect with the wifi-network.
I've setup a new SSID with PPSK configured as SSID Authentication and enabled the options "Set the maximum number of clients per private PSK" and "Set the MAC binding numbers per private PSK". Both options are set to 1.
I also created a user group and added multiple users and passwords.
When User A is connected with the wifi with client X, the same user can't connect with a second client Y at the same time. So, this is ok.
But when User A has disconnected client X, this user can use client Y to connect to the wifi. Because I've enabled the option mac binding and set it to 1, this shouldn't be possible I think?
Is there any way we can limit the number of the clients per user, so that user A can only use client X to connect to the wifi?
We are using AP122, with HiveOS 8.4r7.
Solved! Go to Solution.
11-15-2018 04:48 PM
Just to update this thread in case anyone has this issue down the line, the user group must use a local password database location in order for MAC binding to work. If your user group is set to use the cloud database, then MAC binding won't apply, like we saw here.
11-15-2018 02:45 PM
Are you having the same problem on your AP 121s? Thank you for keeping me updated, I will get the data we need now that we're on 8.2r4, and then we'll add that to the case as well once we have one made.
11-15-2018 02:43 PM
Hello,
Thank you for your help so far.
I've just installed HiveOS version 8.2r4 and I'm having the same issue.
Could it be a problem with the AP122?
I'm not sure when the problem started at the customer, but they are already using Aerohive for more then a year and the configuration has worked before. In the beginning they only used AP121.
A few months back they've added two AP122 into the network in combination with the already existing AP121 devices.
Like I've said, I'm not sure if the configuration stopped working before or after adding the AP122 devices into the network, but since I'm having the same issues with my AP122 it could be related.
11-15-2018 02:21 PM
Thanks very much for allowing me access. I've verified the set up is correct. I've gathered the following data:
Screen shot of the historical client view showing we had one user with two devices connected.
Screen shot of the SSID configuration showing we have this properly set up.
Screen shot of the user group showing there are no conflicting settings.
Tech data from the AP showing that the running configuration has both the PPSK limit and the MAC binding commands applied.
Generated config showing the same, that both the PPSK limit and the MAC binding commands are known and generated.
I'd like to try moving to the recommended HiveOS version, 8.2r4, for the AP 122 as a work around. Whether or not this works, I'd also like to open a case for this issue so I can send the data I've gathered to our engineering team so they can resolve this for you. I will send you an email regarding our options for opening a case.
11-15-2018 01:55 PM
Hello,
In the meanwhile I've manually created a copy of the customer's configuration in a test environment and I'm having the same issue. You now have access to this environment.
The name of the organization is NUBUS. There is only one policy active, NPOL_JURGEN.
11-15-2018 01:27 PM
Hello, thank you for the detailed explanation. You are correct that your set up should limit the user to one client device at a time, and the first client device they attempt to connect with as per the MAC binding you set up. By the sound of it the configuration is correct, but if you could add me as an external user with the email slynn@aerohive.com, and let me know the organization name for your VHM (you can find this by clicking on the silhouette icon> Global Settings> Account Details), I can check to make sure nothing was overlooked. Please also let me know the Network Policy I should be focusing on if there is more than one created. If you'd rather share that with me directly, my email is communityhelp@aerohive.com.