Max login enforcement using ACS

Unanswered Question
Mar 3rd, 2009

Hi All,


Recently I deployed credentials-based wireless security, based on WPA2/802.1x and PEAP.


I was using 3 WLC 4400 controllers, version 5.1.151.0 and 1 ACS server version 4.1.


Everything is working fine except the fact that each username/password can log in multiple times, while this should be just one login per user.


I read about the setting: Security -> AAA -> User Login Policies in the WLC, but I also read that this is a setting which applies to all WLANs, not just the one I'm adding.


Does anybody know how to limit the number of allowed logins using the ACS user/group policies?


Thx in advance.

Leo Laohoo Tue, 03/03/2009 - 21:03
In the WLC, go to Security -> AAA -> User Login Policies


Under "Max Concurrent Logins for a user name", change the number to your desired setting.


Hope this answers your question.

HielkeHagendoorn Wed, 03/04/2009 - 08:10

Hi Ieolaohoo,


Thx for your answer. I understood this is a global setting, which affects all defined WLANs.


So I prefer using the ACS to enforce a user/group policy or something.


Any idea about how to config this?

Leo Laohoo Wed, 03/04/2009 - 14:47

Unfortunately, no. We had the ACS running well when I configured the WLC recently. This is how we "police" the number of allowed logins per user when using the Wireless.


My reason is because sometimes, I have to log in to routers/switches more than once and I don't want THIS policy to prevent me from doing so.


Does this help?

HielkeHagendoorn Thu, 03/05/2009 - 01:06

Unfortunately not. If you have to log in more than once on a router/switch you should create a separate account for that. Each account can get its own set of policies.


The problem here is that the ACS doesn't enforce these policies.
