acs user database

whanson
Level 2

Can I limit the number that can use a specific user entry to 1 at a time in ACS?


ansalaza
Level 1

Hi, do you mean the number of times that user can log in? If so, that would depend on setting up accounting on the AAA Client that the User is logging into...

Having accounting enabled would allow ACS to know how many times the user has logged in, and therefore, you can limit the number of connections to only one.

User Setup, look for: Max Sessions

Before using the Max Sessions feature, check your accounting start/stop messages first.

For the feature to work, both start & stop packets must have the NAS-Port attribute AND it must contain the SAME UNIQUE value in both start/stop packets that matches the value from the authentication request.

You'd be surprised how many devices don't do this - particularly VPN and Wireless that don't have physical ports.

If these conditions aren't met, max sessions will not work and you end up with users not being able to connect.

Thanks a bunch. I take it then that since this is wireless it can't be done.

I wouldn't say it can't be done... but you have to look and make sure the NAS-Port attribute looks sensible. Going back a few years I know Aironet, for example, was quite tricky to make work with max sessions.

The other thing is that because wifi comes and goes it's hard for the AP to know when the session has finished. Max sessions was implemented with Dial in mind (yes, that's how old it is!!!) i.e. real physical ports.

With wifi you could look at the number of MAC IDs in use by a user at any one time as a way to control concurrent sessions.

No, not impossible, but probably unlikely to work reliably.
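
Added example, not part of the thread or of ACS: a Python check of the pre-condition described above, that the authentication request and the accounting start and stop packets of a session all carry the same NAS-Port, and that the value is not shared by a concurrent session on the same NAS. The records, the `session` correlation key and the reading of "unique" as "not shared by overlapping sessions on one NAS" are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample records (not from the thread). "session" is an assumed
# correlation key tying an Access-Request to its accounting start/stop.
RECORDS = [
    {"session": "s1", "nas": "ap1", "type": "auth",  "t": 100, "nas_port": 29},
    {"session": "s1", "nas": "ap1", "type": "start", "t": 101, "nas_port": 29},
    {"session": "s1", "nas": "ap1", "type": "stop",  "t": 200, "nas_port": 29},
    # NAS-Port missing from the stop packet
    {"session": "s2", "nas": "ap1", "type": "auth",  "t": 110, "nas_port": 30},
    {"session": "s2", "nas": "ap1", "type": "start", "t": 111, "nas_port": 30},
    {"session": "s2", "nas": "ap1", "type": "stop",  "t": 210, "nas_port": None},
    # Value changes between authentication and accounting
    {"session": "s3", "nas": "vpn1", "type": "auth",  "t": 120, "nas_port": 0},
    {"session": "s3", "nas": "vpn1", "type": "start", "t": 121, "nas_port": 7},
    {"session": "s3", "nas": "vpn1", "type": "stop",  "t": 220, "nas_port": 7},
    # Overlaps s1 on the same NAS with the same NAS-Port (not unique)
    {"session": "s4", "nas": "ap1", "type": "auth",  "t": 150, "nas_port": 29},
    {"session": "s4", "nas": "ap1", "type": "start", "t": 151, "nas_port": 29},
    {"session": "s4", "nas": "ap1", "type": "stop",  "t": 180, "nas_port": 29},
]

def check_nas_port(records):
    """Return {session: [problems]} for sessions that break the NAS-Port conditions."""
    sessions = defaultdict(dict)
    for r in records:
        sessions[r["session"]][r["type"]] = r
    problems = defaultdict(list)
    good = []  # (nas, port, start_t, stop_t, session) for consistent sessions
    for sid, pk in sessions.items():
        missing = [k for k in ("auth", "start", "stop")
                   if k not in pk or pk[k]["nas_port"] is None]
        if missing:
            problems[sid].append("NAS-Port missing in: " + ", ".join(missing))
            continue
        ports = {pk[k]["nas_port"] for k in ("auth", "start", "stop")}
        if len(ports) != 1:
            problems[sid].append("NAS-Port differs between packets")
            continue
        good.append((pk["auth"]["nas"], ports.pop(), pk["start"]["t"], pk["stop"]["t"], sid))
    for i, (nas, port, t0, t1, sid) in enumerate(good):
        for nas2, port2, u0, u1, sid2 in good[i + 1:]:
            if (nas, port) == (nas2, port2) and t0 <= u1 and u0 <= t1:
                problems[sid].append("NAS-Port shared with concurrent session " + sid2)
                problems[sid2].append("NAS-Port shared with concurrent session " + sid)
    return dict(problems)

if __name__ == "__main__":
    print(check_nas_port(RECORDS))
```

A NAS whose sessions all come back clean from a check like this is a candidate for Max Sessions; any reported session points at the attribute to inspect in that device's accounting configuration.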
