I'm using IAP105s for guest WiFi. Open network with an external captive portal page. The page is set up such that the user only has to "Agree" and they are authenticated. However, in a few instances we have seen users that either aren't actively trying to get past the captive portal page or are having issue bringing up the page. These clients are associated to the SSID, but aren't yet authenticated. While looking at "datapath session", we can sometimes see over 100 sessions from that particular device to Amazon webservices, Facebook, or Google. In most instances, the client is either a Kindle or an (mostly) older Samsung Android device. Each one of those session is being redirected to the external CP, so it doesn't take long before we're seeing CPU splikes on the IAP that can last for 10-15 minutes at up over 80% CPU utilization. We're actively working on this with tech support, but was wondering if there was a way in InstantOS to just limit the number of sessions a single client can initiate. Whatever the problem is with these clients might still be there, but if I could limit them to 25-30 sessions in some sort of pre-auth role, at least they wouldn't be affecting other clients. Has anyone seen or done anything similar in Instant?