Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Max concurrent login limitation stopped working for dot1x authentications on WLC

Hello folks,

I ran into an issue while deploying integrating WLC with ISE and changing the authentication to dot1x.

Previously when it was set to WebAuth this limitation somehow worked even though it was very unhelpful because the user was getting an error message that didn't specify the reason why he was denied. See attached file that shows how it was setup in WLC

Now when we changed it to dot1x and all authentications are done on ISE side this limitation doesn't work anymore.

Needless to say that current ISE software doesn't support it as well. Cisco only promises to have it addressed in the future release 1.2

Any ideas or suggestions if I still can use this rudimentory limitation with dot1x ?

Hall of Fame Super Silver

Re: Max concurrent login limitation stopped working for dot1x au

Well that feature works with ACS 5.x, so it must be a limitation with ISE.

Sent from Cisco Technical Support iPad App

*** Please rate helpful posts ***

Max concurrent login limitation stopped working for dot1x authen


In your screenshot there is a foot note says:

"When using 802.1X security make sure max-login-ignore-identity-response is disabled.".

You need to disable max-loign-itnore-identity-response in order for the limitation to work.

You can disable it from GUI:

Security-> Local EAP->General.

You can disable it from CLI:

config advanced eap max-login-ignore-identity-response disable.

I can find this is enabled by default with all my wireless controllers. If you disable it that should get your limitation functionality to work.



Rating useful replies is more useful than saying "Thank you"