Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Restrict Concurrent User Logins via ACS


I have my WLC 5508 doing 802.1x auth for wireless users.  The WLC is set to allow unlimited logins per user (becuase we have a bunch of wireless networks and I only want this setting on 1 of them).  I'm trying to use the ACS to concurrent logins for users.  In ACS, under Access Policies - Max User Session Policy - Max Session User Settings, I have it set to 1. 

It's still allowed the same user to login from multiple laptops.  Is there some other way of enabling this feature via ACS? 

Cisco Employee

Restrict Concurrent User Logins via ACS

Did you configure WLC for radius accounting as well?

Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: Restrict Concurrent User Logins via ACS

Yes I did.  However I'm still only getting Starts and Interim-Updates.  I don't see any stops when I remove a client from the network.  I see some stops with just random characters as the usernames, but I'm assuming thats from my other networks that don't have 802.1x configured. 

EDIT:  The other wireless networks are set like this:

But they're definitely still sending messages to my radius servers (maybe thats a WLC bug).  These shouldn't be doing anything with radius so I'll disable this tonight when noone is logged in and see if that cleans up the logs a little so it's easier to find the STOP messages from users

Also, I misspoke.  After the idle timeout (300 seconds) I do get a stop message.  However, I can still login twice with a particular user before that stop comes in.