Concurrent Authentication

Unanswered Question
Apr 10th, 2009

Hi

I have a wireless LAN Controller. I have enabled WPA. I have a AAA (CISCO ACS) server for authentication.

I have individual usernames and passwords for wireless clients. But the same username and password is being used simultaneously by two different users.

I want to restrict it in such a way that the username and password is accessed by one person at a time.

Can you please guide me on how to achieve this?

R.B.Kumar

paulpoon Fri, 04/10/2009 - 07:28

In your WLC, go to Security, AAA, User Login Policies. You can set the maximum number of concurrent logins for a single user name there.

hclisschennai Fri, 04/10/2009 - 10:29

Hi Paul,

Thanks for your valuable input. I am using EAP authentication where the Cisco ACS server is configured with username and password. Don't I have to do anything on the ACS server side? Is changing the parameters you mentioned enough?

When a user logs in to the network by EAP, no other user should be allowed to use this same username and password. This is the prime requirement.

Thanks in advance

RBK

paulpoon Fri, 04/10/2009 - 10:45

I believe that's all you need. But if not, in ACS, go to Group Setup and select the group that you are using for wireless clients. Click Edit Settings and scroll down to Max Sessions.

Max Sessions

Set the maximum number of sessions available to groups and users.

Sessions available to group. Sets the maximum number of simultaneous connections for the entire group. A session is any type of connection supported by RADIUS or TACACS+; for example, PPP, Telnet, ARAP, or IPX/SLIP. The options are as follows:

Unlimited. Select this option to allow this group an unlimited number of simultaneous sessions. This effectively disables Max Sessions.

n. Select this option and type the maximum number of simultaneous sessions to allow this group.

Sessions available to users of this group. Sets the maximum number of simultaneous connections for each user in this group. The options are as follows:

Unlimited. Select this option to allow this group an unlimited number of simultaneous sessions. This effectively disables Max Sessions.

n. Type the maximum number of simultaneous sessions to allow this group.

As an example, Sessions available to group is set to 10 and sessions available to users of this group is set to 2. If each user is using the maximum 2 simultaneous sessions, no more than 5 users can log in.

You can also set per-user Max Sessions to be applied to users within the group. This limits the number of simultaneous connections a user can establish.

hclisschennai Fri, 04/10/2009 - 10:58

Hi Paul,

I appreciate your detailed explanation.

I will do it with AAA (ACS server) itself. But along with this, do I have to make the setting changes you suggested in the earlier post?

What is the difference between doing this in the WLC (which you referred to in the first post) and in the AAA server?

RBK

Leo Laohoo Fri, 04/10/2009 - 19:58

If you do this in the WLC, it will mean ALL USERS including Management users. If you do this option on the ACS, then Management users are optional.

PatrickKnee Thu, 07/16/2009 - 10:22

Not to dredge up an old post, but I have enabled this exact setting on our WLC (running ver 5.2.178), and have set the limit to 2, but I am currently logged in at the same time, with the same account, on 3 devices. Anybody know of any reason this could be happening?

bbxie Sun, 07/19/2009 - 22:51

Try this at the WLC:

config advanced eap max-login-ignore-identity-response disable

PatrickKnee Mon, 07/27/2009 - 04:11

Ran that command on each of our WLCs, same effect (meaning I can still log on with more devices than I set to be allowed).
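An added example, not part of the thread and not Cisco code: one way to check independently whether a user name is active on more devices than the configured limit is to replay RADIUS accounting Start/Stop records and count distinct client MACs per user. The CSV layout, the function names and the sample records are constructed, and it assumes Calling-Station-Id carries the client MAC address.

```python
import csv
import io
from collections import defaultdict

# Constructed sample accounting export (not from the thread):
# timestamp, Acct-Status-Type, User-Name, Calling-Station-Id
SAMPLE = """\
2009-07-16T10:00:00,Start,alice,00-1A-2B-00-00-01
2009-07-16T10:05:00,Start,alice,00-1A-2B-00-00-02
2009-07-16T10:06:00,Start,alice,00-1a-2b-00-00-02
2009-07-16T10:07:00,Start,bob,00-1A-2B-00-00-10
2009-07-16T10:10:00,Start,alice,00-1A-2B-00-00-03
2009-07-16T10:20:00,Stop,alice,00-1A-2B-00-00-01
2009-07-16T10:25:00,Start,alice,00-1A-2B-00-00-01
2009-07-16T10:30:00,Stop,bob,00-1A-2B-00-00-10
"""


def parse(text):
    """Return the well-formed 4-field rows of the CSV export."""
    return [row for row in csv.reader(io.StringIO(text)) if len(row) == 4]


def find_violations(records, max_per_user=1):
    """Replay records in time order and report every Start that puts a
    user name on more than max_per_user distinct devices at once."""
    active = defaultdict(set)  # user name -> MACs with an open session
    violations = []
    for ts, status, user, mac in sorted(records):
        user, mac = user.strip().lower(), mac.strip().upper()
        if status == "Start" and mac not in active[user]:
            active[user].add(mac)
            if len(active[user]) > max_per_user:
                violations.append((ts, user, sorted(active[user])))
        elif status == "Stop":
            active[user].discard(mac)
        # A repeated Start from a known MAC (re-auth, roam) and
        # Interim-Update records do not change the device count.
    return violations


if __name__ == "__main__":
    for ts, user, macs in find_violations(parse(SAMPLE), max_per_user=2):
        print(f"{ts} {user}: {len(macs)} devices {macs}")
```

A session whose Stop record was never received stays counted as open, so stale entries need to be aged out before acting on a hit.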
