Cisco Support Community
New Member

Connection Limitation with same AD credential on ISE

Hi All,

I want that if a client has a successful connection (a started session) to the company network with his/her domain account, he/she must not connect to the network with the same domain account from another device at the same time.

I am trying to prevent more than one simultaneous successful session with the same domain credential from different devices.

Thanks,

Accepted Solutions
New Member

Hi,

I already discussed this here, and also with the local Cisco SE, and for the time being, ISE does not have any mechanism to limit the number of sessions per username; this feature is only available for guest users.

Also, we can have a workaround for this on Cisco WLC (Wireless) since the WLC has a feature to limit the number of sessions per username, and also you can limit the number of sessions on the ASA for the VPN access.

There is no workaround for the access switches, so you need to do a policy on the AD/Domain itself if applicable.

Thanks.

Ahmad.

4 REPLIES

Are you looking to restrict access to only corporate assets and not allowing the same credentials to authenticate against another device, i.e. a smartphone? If so, then you may want to consider the use of EAP-TLS, where the certificate is issued to the workstation that the user is connecting from.

There isn't a feature that limits maximum simultaneous logins for internal users; that feature is only available on the guest side of ISE. I would recommend contacting Cisco TAC or your local rep to see if there is a feature that allows you to restrict the maximum logins that a corporate user can have on the network. This feature was available in ACS 4.2.

Thanks,

Tarik Admani *Please rate helpful posts*
Silver

In ISE 1.2 you cannot restrict the number of simultaneous sessions; maybe in a further release this feature might be offered. And Tarik is right: using certificates you can narrow your connecting nodes.


Cisco Employee

Deploying EAP Chaining with AnyConnect NAM and Cisco ISE

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_80_eapchaining_deployment.pdf
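Where the policy server cannot enforce a per-username session limit, overlapping logins can still be detected from RADIUS accounting data. The following is an added example, not part of the original thread and not Cisco code: it assumes accounting records have been exported as dicts carrying the standard User-Name, Calling-Station-Id, Acct-Session-Id and Acct-Status-Type attributes, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample RADIUS accounting records (not real logs). The fields map
# to User-Name, Calling-Station-Id, Acct-Session-Id and Acct-Status-Type;
# the dict export format and key names are assumptions for this example.
SAMPLE_RECORDS = [
    {"ts": 100, "status": "Start", "user": "CORP\\alice", "mac": "AA-BB-CC-00-00-01", "sid": "s1"},
    {"ts": 130, "status": "Start", "user": "CORP\\bob", "mac": "AA-BB-CC-00-00-02", "sid": "s2"},
    {"ts": 160, "status": "Start", "user": "corp\\Alice", "mac": "aa-bb-cc-00-00-03", "sid": "s3"},
    {"ts": 200, "status": "Stop", "user": "CORP\\alice", "mac": "AA-BB-CC-00-00-01", "sid": "s1"},
    {"ts": 220, "status": "Start", "user": "CORP\\alice", "mac": "AA-BB-CC-00-00-03", "sid": "s4"},
    {"ts": 240, "status": "Stop", "user": "CORP\\bob", "mac": "AA-BB-CC-00-00-02", "sid": "s2"},
    {"ts": 260, "status": "Start", "user": "CORP\\bob", "mac": "AA-BB-CC-00-00-09", "sid": "s5"},
]


def find_concurrent_logins(records, max_devices=1):
    """Return alerts for users active on more than max_devices endpoints at once."""
    active = defaultdict(dict)  # user -> {session id: endpoint MAC}
    alerts = []
    for rec in sorted(records, key=lambda r: r["ts"]):
        user = rec["user"].lower()  # AD account names are case-insensitive
        sessions = active[user]
        if rec["status"] == "Stop":
            sessions.pop(rec["sid"], None)  # tolerate a Stop with no seen Start
            continue
        if rec["status"] != "Start":
            continue  # ignore Interim-Update and other record types
        sessions[rec["sid"]] = rec["mac"].upper()
        devices = sorted(set(sessions.values()))
        # Several sessions from one MAC (re-auth, roaming) are not a violation.
        if len(devices) > max_devices:
            alerts.append({"ts": rec["ts"], "user": user, "devices": devices})
    return alerts


if __name__ == "__main__":
    for alert in find_concurrent_logins(SAMPLE_RECORDS):
        print(alert)
```

A session whose Stop record is never received stays in the active set, so a production version needs to age sessions out (for example on missing interim updates) before alerting.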
