Cisco Support Community

New Member

concurrent Authentication

Hi

I have a wireless LAN controller. I have enabled WPA. I have an AAA (Cisco ACS) server for authentication.

I have individual usernames and passwords for wireless clients. But the same username and password is being used simultaneously by two different users.

I want to restrict it in such a way that the username and password is accessed by one person at a time.

Can you please guide me on how to achieve this?

R.B.Kumar

8 REPLIES
New Member

Re: concurrent Authentication

In your WLC, go to Security, AAA, user login policies. You can set the maximum number of concurrent logins for a single user name there.

New Member

Re: concurrent Authentication

Hi Paul,

Thanks for your valuable input. I am using EAP authentication where the Cisco ACS server is configured with username and password. Don't I have to do anything on the ACS server side? Is changing the parameters you mentioned enough?

When a user logs in to the network by EAP, no other user should be allowed to use the same username and password. This is the prime requirement.

Thanks in advance

RBK

New Member

Re: concurrent Authentication

I believe that's all you need. But if not, in ACS, go to group setup, select the group that you are using for wireless clients. Click edit settings, scroll down to max sessions.

Max Sessions

Set the maximum number of sessions available to groups and users.

Sessions available to group. Sets the maximum number of simultaneous connections for the entire group. A session is any type of connection supported by RADIUS or TACACS+; for example, PPP, Telnet, ARAP, or IPX/SLIP. The options are as follows:

Unlimited. Select this option to allow this group an unlimited number of simultaneous sessions. This effectively disables Max Sessions.

n. Select this option and type the maximum number of simultaneous sessions to allow this group.

Sessions available to users of this group. Sets the maximum number of simultaneous connections for each user in this group. The options are as follows:

Unlimited. Select this option to allow this group an unlimited number of simultaneous sessions. This effectively disables Max Sessions.

n. Type the maximum number of simultaneous sessions to allow this group.

As an example, Sessions available to group is set to 10 and sessions available to users of this group is set to 2. If each user is using the maximum 2 simultaneous sessions, no more than 5 users can log in.

You can also set per-user Max Sessions to be applied to users within the group. This limits the number of simultaneous connections a user can establish.
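
The group and per-user limits described in the reply above, as an added example that is not part of the thread and not Cisco's code: a small Python model that replays logins against both limits. The class and function names are hypothetical, the logins are constructed, and the model assumes the server sees a start and a stop event for every session.

```python
from collections import Counter

UNLIMITED = None  # models the "Unlimited" option


class MaxSessionsPolicy:
    """Toy model of group and per-user Max Sessions limits (not ACS code)."""

    def __init__(self, group_limit=UNLIMITED, user_limit=UNLIMITED):
        self.group_limit = group_limit
        self.user_limit = user_limit
        self.sessions = {}          # session_id -> username
        self.per_user = Counter()   # username -> active session count

    def start(self, username, session_id):
        """Return True if the new session is admitted, False if a limit blocks it."""
        if session_id in self.sessions:
            return True  # duplicate start for a session that is already counted
        if self.user_limit is not UNLIMITED and self.per_user[username] >= self.user_limit:
            return False  # this user already holds the maximum number of sessions
        if self.group_limit is not UNLIMITED and len(self.sessions) >= self.group_limit:
            return False  # the group as a whole is full
        self.sessions[session_id] = username
        self.per_user[username] += 1
        return True

    def stop(self, session_id):
        """End a session and free its slot; unknown session ids are ignored."""
        username = self.sessions.pop(session_id, None)
        if username is not None:
            self.per_user[username] -= 1


def simulate(group_limit, user_limit, logins):
    """Replay constructed (username, session_id) logins; return the admit decisions."""
    policy = MaxSessionsPolicy(group_limit, user_limit)
    return [policy.start(user, sid) for user, sid in logins]


if __name__ == "__main__":
    # Constructed sample: six users each attempt three sessions, limits 10 / 2.
    logins = [(f"user{u}", f"s{u}-{n}") for u in range(1, 7) for n in range(1, 4)]
    for (user, sid), ok in zip(logins, simulate(10, 2, logins)):
        print(f"{user:6} {sid:5} {'ACCEPT' if ok else 'REJECT'}")
```

With a per-user limit of 1, the second login with the same username is rejected until the first session stops, which is the behaviour the original question asks for.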

New Member

Re: concurrent Authentication

Hi Paul,

I appreciate your detailed explanation.

I will do it with AAA (ACS server) itself. But along with this, do I have to make the setting changes you suggested in the earlier post?

What is the difference between doing this in the WLC (which you referred to in the first post) and in the AAA server?

RBK

Hall of Fame Super Gold

Re: concurrent Authentication

If you do this in the WLC, it will mean ALL USERS including Management users. If you do this option on the ACS, then Management users are optional.

New Member

Re: concurrent Authentication

Not to dredge up an old post, but I have enabled this exact setting on our WLC (running ver 5.2.178), and have set the limit to 2, but I am currently logged in at the same time, with the same account, on 3 devices. Anybody know of any reason this could be happening?

Bronze

Re: concurrent Authentication

Try this at the WLC:

config advanced eap max-login-ignore-identity-response disable

New Member

Re: concurrent Authentication

Ran that command on each of our WLCs, same effect (meaning I can still log on with more devices than I set to be allowed).
