I have been looking for the solution of my problem since quite long but still no luck. My client needs to restrict Active Directory users to login to one device at a time and he wants this to be done by ACS. He has been using ACS 4.2 and he has recently upgraded it to version 5.5. I have tried the Maximum user session limit option but it is not working as per the requirement. Is there any way that this can be achieved? The limit needs to be applied on Per user basis as some of the executives need to be excluded as well. Looking forward for your response.
To make the maximum sessions work for user access like wireless, vpn etc, the administrator should configure RADIUS accounting.
To make the maximum sessions work for device management, the administrator should configure TACACS+ session authorization and accounting
For optimal performance, you can limit the number of concurrent users accessing network resources. ACS 5.5 imposes limits on the number of concurrent service sessions per user. The limits are set in several different ways. You can set the limits at the user level or at the group level. Depending upon the maximum user session configurations, the session count is applied to the user.
The below listed link may come handy while confguring the same feature.
I'm having the same problem on our network using ACS VM 5.5 with the latest update patch, it is used to authenticate wireless users from a Cisco WLC 4402 7.0.220 using aaa radius, authentication and accounting is working fine acs is receiving radius start / stop accounting messages but user session limit for a group is set to 1 but not working, users are authenticated either via AD with group mapping to a local identity group or a local internal user from a specific identity group, the issue is for both type of users
I have the same problem. ACS 220.127.116.11.7, WLC 5508, authentication with AD.
I made AD group mapping, configured RADIUS accounting (I can see "start" and "stop" RADIUS messages in log). All things work fine (Group mapping works right, authentication passing is OK). But the maximum session for one user restriction doesn't work at all. I tried to make it at global and at group level, but ACS just ignore this condition.
Do you have any idea how to troubleshoot this problem?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...