cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
297
Views
0
Helpful
1
Replies

ISE policy condition question

ammahend
VIP
VIP

We have a situation, where we want users to have no more than 2 active sessions. For e.g. when user connects the first device with AD credentials it should authenticate and authorize based on policy, same should happen when the same user connects second device with same credentials. However when user connects the 3rd device with same credentials, I want to create a condition, where ISE can check that user already have 2 active sessions and as authorization I can simply deny.

Has anyone done anything like this, any thoughts will be appreciated.

 

I understand we can achieve something similar by leveraging device registration portal and provisioning and limiting the device registration per user to 2, unfortunately we have license limit to do so and management is not ready to invest yet. So I am trying to think of an alternative here with base license only.

 

Thank you

-hope this helps-
1 Reply 1

Venkatesh Attuluri
Cisco Employee
Cisco Employee

if this is for wireless user then WLC has a feature to limit the number of sessions per username

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: