Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACS how to limit AD max user sessions

I have WLC (7.4) that uses 802.1x auth with our ACS (5.3)

Our ACS connects to our AD as external identity.

How can I limit the max sessions per AD users

Access Policies > Max User Session Policy >  Max Session User Settings

-That would affect all my Access Policies

Access Policies > Max User Session Policy >  Max Session Group settings

-That only shows internal groups and doesnt reflect my AD external group.

 

For exemple certain AD users can have more sessions there other AD users

Can that be done?

 

Dash

 

 

 

 

 

 

Everyone's tags (1)
4 REPLIES
Cisco Employee

Hi Dash- Unfortunately there

Hi Dash-

 

Unfortunately there aren't any other options in restricting sessions for users in ACS. I had a similar request form a customer for ISE and ISE doesn't even support max sessions. I had requested that feature to be implemented so now we wait and see :)

 

Thank you for rating helpful posts!

Dash,You can leverage the

Dash,

You can leverage the group mapping feature where members of a certain AD group are mapped to a local group in ACS with the max sessions defined.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-3/user/guide/acsuserguide/access_policies.html#pgfId-1162308

Thanks,

Tarik Admani

 

Tarik Admani *Please rate helpful posts*
New Member

Okay here is how yo do it.


Okay here is how yo do it.

In the "Access Services", you select & edit the service you want to use & check mark the group Mapping option in it.

Then you will see a "Group Mapping" option beneath the access policy that you just edited in the left panel of the ACS.

Now Select the "Group Mapping" option & select "Rule based result Selection" from the top. Now from the bottom right click "customize" & add in "AD:External Group"

Now you can specify conditions on for which AD Group you can MAP the Internal group & its related conditions i.e Max Session limitation.

Hope this helps.

New Member

Okay here is how yo do it. 

Thanks Ahmed ! Worked like a charm !

428
Views
5
Helpful
4
Replies
CreatePlease to create content