I am trying to determine if there is a way to limit the number of logins. Basically, the requirement is to allow a user X number of concurrent logins, but restrict those logins to the first X machines they log into. The requirement is to prevent users from passing their credentials around to other unauthorized users.
You can only restrict guests to one concurrent login of 1 or unlimited. However if you have a list of all mac addresses, you can import them into ise and statically assign them to a endpoint group, from there you can combine a policy that only allows users to connect with a device that you assigned to an endpoint group with a valid AD account.
However your best bet is to deploy certificates if you run in an AD environment where all devices are joined to the domain, it is very simple to use group policies to deploy certificates which you can make the private keys not exportable. Then you can switch your authentication policy so that certs are used instead of passwords.
Let me know if you run all users in AD or if you would like some info on certificate enrollment
Thanks for the suggestions. However, at this time, the deployment is going to be a live pilot (I know, dangerous move lol), but its what is going to convince the customer of ISE's features.
Cert services isn't an option at this time, due to time constraints and the environment this is being rolled out to.
it's basically a trade show and they are allowing all invitees to use their network, but cant deploy certs, or expect the invitees to be able to install them. Apparently, these guests have been known to pass around credentials and this is what they are trying to prevent.
I have locked them down to 3 concurrent connections, but i am not sure if that will do the trick.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :