topic Re: Concurrent sessions based on users in external (AD) group in Network Access Control

Concurrent sessions based on users in external (AD) group

damwhite — Fri, 18 May 2018 16:05:52 GMT

Team,

I understand that it is not currently possible to limit the number of active user sessions based on their AD group membership, but is there any work-around that would accomplish my K12 customer's requirements below?

Limit Students to 1 active session

Limit Faculty and General Staff to 2 active sessions

No session limit for IT Staff

Thanks.

Re: Concurrent sessions based on users in external (AD) group

kvenkata1 — Fri, 18 May 2018 20:18:48 GMT

Please take a look at the following feature available on ISE2.2 or above.

Configure Maximum Concurrent User Sessions on ISE 2.2 - Cisco

- Krish

Re: Concurrent sessions based on users in external (AD) group

damwhite — Fri, 18 May 2018 20:29:04 GMT

Krish,

I've already tried the instructions in that document, but it appears to only apply to Internal Groups and not External groups. I'm looking for a way to apply session thresholds based on existing groups in AD.

Thanks,

Damien

Re: Concurrent sessions based on users in external (AD) group

hslai — Sat, 19 May 2018 03:03:17 GMT

Potential workarounds are:

Create internal users using AD for passwords
Limit concurrent logins on a WS 2008 environment