concurrent Authentication

hclisschennai
Level 1

Hi

I have a wireless LAN Controller. I have enabled WPA. I have an AAA (Cisco ACS) server for authentication.

I have individual usernames and passwords for wireless clients. But the same username and password is being used simultaneously by two different users.

I want to restrict it in such a way that the username and password is used by one person at a time.

Can you please guide me on how to achieve this?

R.B.Kumar

8 Replies

paulpoon
Level 1

In your WLC, go to Security, AAA, user login policies. You can set the maximum number of concurrent logins for a single user name there.

Hi Paul,

Thanks for your valuable input. I am using EAP authentication where the Cisco ACS server is configured with username and password. Don't I have to do anything on the ACS server side? Is changing the parameters you mentioned enough?

When a user logs in to the network by EAP, no other user should be allowed to use this same username and password. This is the prime requirement.

Thanks in advance

RBK

I believe that's all you need. But if not, in ACS, go to group setup, select the group that you are using for wireless clients. Click edit settings, scroll down to max sessions.

Max Sessions

Set the maximum number of sessions available to groups and users.

Sessions available to group. Sets the maximum number of simultaneous connections for the entire group. A session is any type of connection supported by RADIUS or TACACS+; for example, PPP, Telnet, ARAP, or IPX/SLIP. The options are as follows:

Unlimited. Select this option to allow this group an unlimited number of simultaneous sessions. This effectively disables Max Sessions.

n. Select this option and type the maximum number of simultaneous sessions to allow this group.

Sessions available to users of this group. Sets the maximum number of simultaneous connections for each user in this group. The options are as follows:

Unlimited. Select this option to allow this group an unlimited number of simultaneous sessions. This effectively disables Max Sessions.

n. Type the maximum number of simultaneous sessions to allow this group.

As an example, Sessions available to group is set to 10 and sessions available to users of this group is set to 2. If each user is using the maximum 2 simultaneous sessions, no more than 5 users can log in.

You can also set per-user Max Sessions to be applied to users within the group. This limits the number of simultaneous connections a user can establish.
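
Added example (not part of the thread and not ACS code): a small Python model of the two Max Sessions limits quoted above, reproducing the 10/2 case and the one-session-per-username requirement from the original question. The class and function names are hypothetical, and the model assumes it is told when a session ends.

```python
from collections import Counter

UNLIMITED = None  # mirrors the "Unlimited" option: the check is disabled


class MaxSessionsModel:
    """Toy model of the group and per-user limits (hypothetical, not ACS code)."""

    def __init__(self, group_limit=UNLIMITED, per_user_limit=UNLIMITED):
        self.group_limit = group_limit
        self.per_user_limit = per_user_limit
        self.active = Counter()  # username -> currently open sessions

    def login(self, user):
        """Return (accepted, reason); the session is counted only if accepted."""
        if self.per_user_limit is not UNLIMITED and self.active[user] >= self.per_user_limit:
            return False, "user limit reached"
        if self.group_limit is not UNLIMITED and sum(self.active.values()) >= self.group_limit:
            return False, "group limit reached"
        self.active[user] += 1
        return True, "accepted"

    def logout(self, user):
        """Assumption: the model is notified when a session ends, freeing the slot."""
        if self.active[user] > 0:
            self.active[user] -= 1
        if self.active[user] == 0:
            del self.active[user]  # Counter ignores missing keys here


def users_at_full_usage(group_limit, per_user_limit, usernames):
    """Each user opens as many sessions as allowed; return the users who got in."""
    model = MaxSessionsModel(group_limit, per_user_limit)
    admitted = []
    for name in usernames:
        for _ in range(per_user_limit):
            accepted, _reason = model.login(name)
            if accepted and name not in admitted:
                admitted.append(name)
    return admitted


def shared_credential_attempts(per_user_limit, attempts):
    """Several devices try the same (constructed) username one after another."""
    model = MaxSessionsModel(per_user_limit=per_user_limit)
    return [model.login("wifi-user")[0] for _ in range(attempts)]


if __name__ == "__main__":
    names = [f"user{i}" for i in range(1, 8)]  # constructed sample users
    print(users_at_full_usage(10, 2, names))   # group 10, per user 2
    print(shared_credential_attempts(1, 2))    # one session per username
```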

Hi Paul,

I appreciate your detailed explanation.

I will do it with the AAA (ACS server) itself. But along with this, do I have to make the setting changes you suggested in the earlier post?

What is the difference between doing this in the WLC (which you referred to in the first post) and in the AAA server?

RBK

If you do this in the WLC, it will mean ALL USERS including Management users. If you do this option on the ACS, then Management users are optional.

Not to dredge up an old post, but I have enabled this exact setting on our WLC (running ver 5.2.178), and have set the limit to 2, but I am currently logged in at the same time, with the same account, on 3 devices. Anybody know of any reason this could be happening?

Try this at the WLC:

config advanced eap max-login-ignore-identity-response disable

Ran that command on each of our WLCs, same effect (meaning, I can still log on with more devices than I set to be allowed).
