This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Can I limit the amount of clients a user can connect with using peap-mschapv2 and WPA2-AES?

Can I limit the amount of clients a user can connect with using peap-mschapv2 and WPA2-AES?

Go to solution
jellevandewalle
New Contributor

‎11-02-2023 06:46 AM - edited ‎11-02-2023 06:49 AM

Some users share their credentials when trying to connect devices to the network. 

We are a school. We want (our teachers) and students to learn not to share credentials with each other.

Therefore I want to limit the amount of clients per user.

Also...

Client devices use "random mac addresses" when connecting to our network resulting in a lot of known endsystems in our log.

Therefore I want to force clients to use the "mac address of their device" by "again" limiting the amount of registered devices per user.

Can this be done?

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Miguel-Angel_RO
Valued Contributor II

‎11-29-2023 01:54 AM

Try this:

https://github.com/extremenetworks/ExtremeScripting/blob/master/XMC_XIQ-SE/oneview_workflows/xwf/Lim...

from https://github.com/extremenetworks/ExtremeScripting/tree/master/XMC_XIQ-SE/oneview_workflows

 

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
Miguel-Angel_RO
Valued Contributor II

‎11-29-2023 01:54 AM

Try this:

https://github.com/extremenetworks/ExtremeScripting/blob/master/XMC_XIQ-SE/oneview_workflows/xwf/Lim...

from https://github.com/extremenetworks/ExtremeScripting/tree/master/XMC_XIQ-SE/oneview_workflows

 

0 Kudos

Go to solution
jellevandewalle
New Contributor
In response to Miguel-Angel_RO

‎12-04-2023 05:56 AM - edited ‎12-04-2023 05:56 AM

Hey Miguel, 
Thanks for your response. I really appreciate it.
I've looked into your workflow. It gives the admin the option to block more than 2 devices per user. That's great.
But it only works after the authentication. It should check this while authentication and give an appropriate response to the user if needed. Something like; "You have authenticated with more than 2 devices. If you connect this device the oldest of your known devices will disconnect. Will you proceed?".
Also, In my opinion, this script will push users into using random mac addresses even more.

0 Kudos
GTM-P2G8KFN