Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Single Session per Authentication/MAC

Hi All

We are in process to deploy a wireless for a customer with ACS, where we want A single User/machine to have a login checked with External Identity store and have only one session at a time.

i.e. if User A logged in with Machine A, he should not be able to use Machine B for the same authentication even if the Machine B is having MAC authenticated, (please note that MAC Authentication is not necessory but one user should use only one machine)

I am a little new to the ACS/Wireless, any help would be highly appriciated.

Many thanks for reading me.

Everyone's tags (2)
3 REPLIES
Cisco Employee

Re: Single Session per Authentication/MAC

Hi tarun,

I think you are looking for the new feature in ACS 5.3:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/release/notes/acs_53_rn.html#wp195861

Maximum user sessions

Allows you to restrict the user from too many concurrent user sessions. The permitted number of concurrent user sessions is between 1 and 65535.

For more information on this see:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/access_policies.html#wp1176806

Hope this help

Community Member

Single Session per Authentication/MAC

Hi Bastien

Thanks for you answere, I have tried to put this in place but unable to succeed in any ways. It doesnt work for me. May be I am not configuring it properly.

The user is getting access in all possible logins. I am using RADIUS and have enabled the Auth and Acc both from WLC. Even I can see the Auth and Acc messages in the ACS Logs.

Any Help Guys!

Thanks in advance.

Cisco Employee

Single Session per Authentication/MAC

Hello Tarun,

In this menu:

System Administration > Users > Max User Session Global Settings

You can define the Radius Session Attribute that will be identified to uniquely identify Sessions. Please make sure that your NAD send all of these attributes on the accounting start and that they are identidical on all attempts for the same user. You may also try to use more permissive session keys, like only username for example.

More info here:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/access_policies.html#wp1163339

If that doesn't work, maybe you should open a TAC Case.

Regards,
Bastien

507
Views
0
Helpful
3
Replies
CreatePlease to create content