Solved: need to configure Max Concurrent Logins for a user name on SSID

Muthukumar Alagarsamy · ‎02-05-2014

need to configure Max Concurrent Logins for a user name on SSID wise in WLC 5508.

I don't want to use the below,

Choose SECURITY > AAA > User Login Policies to navigate to the User Policies page.

This page enables you to specify the maximum number of concurrent logins for a single username, 0 (unlimited) through eight.

because this cannot be configured for an specific SSID or for an specific user, it is global for all users and all SSIDs

In simple ways i have two SSID, want to configure like below.

"SSID1" - need to allow unlimited concurrent users for a single username

"SSID2" - need to limit concurrent users for a single username.

Is there any way to achive this?

Sandeep Choudhary · ‎02-05-2014

HI Muthu,

Are you using ISE(identity service engine ) ????

If yes then after ISE version 1.2 you can use this feautre:

This is a global setting affecting all Guest portals.

Step 1 Choose Administration > Web Portal Management > Settings > Guest > Portal Policy.

Step 2 Check the Allow only one guest session per user option.

Step 3 Click Save.

Check this screenshot:

Or the other method is(which u dont want to use) Choose SECURITY > AAA > User Login Policies to navigate to the User Policies page.

as per my knowledge you can use ionly these two option.

Reagrds

Dont forget to rate helpful posts

View solution in original post

Scott Fella · ‎02-05-2014

The concurrent login is for both... you will not be able to do what you want.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

View solution in original post

Sandeep Choudhary · ‎02-05-2014

HI Muthu,

Are you using ISE(identity service engine ) ????

If yes then after ISE version 1.2 you can use this feautre:

This is a global setting affecting all Guest portals.

Step 1 Choose Administration > Web Portal Management > Settings > Guest > Portal Policy.

Step 2 Check the Allow only one guest session per user option.

Step 3 Click Save.

Check this screenshot:

Or the other method is(which u dont want to use) Choose SECURITY > AAA > User Login Policies to navigate to the User Policies page.

as per my knowledge you can use ionly these two option.

Reagrds

Dont forget to rate helpful posts

Scott Fella · ‎02-05-2014

Using the WLC, there is not a good way of doing what you want. That login limit is global. The other thing is how are you authenticating users? If your using 802.1x, users should only be able to associate to one SSID, not both or else the policies can be tricky and not work. If users can only authenticate to one SSID, then you might be able to add a condition to the policy to check if the login has been used. If you don't have a radius server and just trying to use the WLC, then it's not possible.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Muthukumar Alagarsamy · ‎02-05-2014

I'm using [WPA2][Auth(802.1X)] - "SSID1" and Web-Auth - "SSID2"

Scott Fella · ‎02-05-2014

Well unless the WebAuth is also hitting your radius, there is no way to do what you want.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Muthukumar Alagarsamy · ‎02-05-2014

WLAN 1 - SSID1 - [WPA2][Auth(802.1X)] - Radius auth - unlimitted concurrent login

WLAN 2 - SSID2 - Web-Auth - Local auth - limited concurrent login for single username (attached the screenshot)

Scott Fella · ‎02-05-2014

The concurrent login is for both... you will not be able to do what you want.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***