Limit access in 802.x Enterprise

  • 2
  • Question
  • Updated 5 years ago
  • Answered

It is possible to limit the number of user access in 802.x Enterprise?

I can do this setting in PSK.


Thiago Brambila


  • 22 Posts
  • 0 Reply Likes

Posted 5 years ago

  • 2
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2486 Posts
  • 448 Reply Likes
This conceptually has to be done at the RADIUS server and not within HiveOS, unless HiveOS is running its internal RADIUS server, in which case it would be up to Aerohive to implement.

FreeRADIUS has support for this with a backing database. If you do a Web search for this, I am sure that you can find the necessaries.

I have written an extension for Microsoft's Network Policy Server that implements this for the organisation that I work with to, in part, meet this very need. (Tricky due to inner and outer identities, so the need to bind authorisation to subsequent accounting, and the need to perform synchronous replication of state between NPS instances - I went down the PAXOS algorithm route with virtual synchrony for high availability reasons.)

As I wrote it in my own time, I am considering releasing it commercially.

(In the interests of absolute correctness, HiveOS could, conceptually, be extended do this where all RADIUS servers return the inner identity normalised in the User-Name AVP of an Access-Accept, but it would be a layering violation to do so - separation of concerns should apply.)