https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3543312#M519277 <HTML><HEAD></HEAD><BODY><P>There is no alarm to alert the same user logging more than once.</P><P>Like Charles and Ognyan said, ISE 2.2+ has max sessions to limit per user, which applies to external users as well, and per internal-user-group. These settings are per PSN, unlike the guest max sessions, which are per deployment.</P></BODY></HTML> Sun, 10 Dec 2017 01:52:31 GMT hslai 2017-12-10T01:52:31Z https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3543309#M519271 <HTML><HEAD></HEAD><BODY><P>I know we can control the number of sessions per user</P><P>Is there a way to alert if a user attempts more then one login, while policy permits multiple logins?</P><P>This would be ISE 2.3</P><P>Maybe Stealthwatch integration</P></BODY></HTML> Thu, 07 Dec 2017 16:57:30 GMT https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3543309#M519271 lcammara 2017-12-07T16:57:30Z https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3543310#M519274 <HTML><HEAD></HEAD><BODY><P>This was introduced in ISE 2.3.&nbsp; Go to Administration &gt; System &gt; Settings &gt; Max Sessions.</P><P></P><P>You can choose to enforce Maximum session based upon user, group</P><P><IMG alt="MaxSessionsPerUser.PNG" class="image-1 jive-image" src="https://community.cisco.com/legacyfs/online/fusion/114011_MaxSessionsPerUser.PNG" style="height: 287px; width: 620px;" /></P><P></P><P>This applies to Internal ISE Users and groups only.&nbsp; Also the enforcement is the max PER POLICY NODE.&nbsp; Here's the page in the Admin Guide:</P><P></P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_01110.html#id_30990" title="https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_01110.html#id_30990">Cisco Identity Services Engine Administrator Guide, Release 2.3 - Manage Users and External Identity Sources [Cisco Ide…</A></P></BODY></HTML> Thu, 07 Dec 2017 17:55:17 GMT https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3543310#M519274 Charlie Moreton 2017-12-07T17:55:17Z https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3543311#M519276 <HTML><HEAD></HEAD><BODY><P>Ise 2.2 support this future too.</P><P><IMG alt="" class="image-1 jive-image" src="https://community.cisco.com/legacyfs/online/fusion/114025_pastedImage_0.png" style="max-width: 1200px; max-height: 900px;" /></P></BODY></HTML> Fri, 08 Dec 2017 09:42:46 GMT https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3543311#M519276 ognyan.totev 2017-12-08T09:42:46Z https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3543312#M519277 <HTML><HEAD></HEAD><BODY><P>There is no alarm to alert the same user logging more than once.</P><P>Like Charles and Ognyan said, ISE 2.2+ has max sessions to limit per user, which applies to external users as well, and per internal-user-group. These settings are per PSN, unlike the guest max sessions, which are per deployment.</P></BODY></HTML> Sun, 10 Dec 2017 01:52:31 GMT https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3543312#M519277 hslai 2017-12-10T01:52:31Z https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3543313#M519282 <HTML><HEAD></HEAD><BODY><P>Hi hslai,</P><P></P><P>Just to confirm the per user limit also apply for RADIUS authentication? (802.1x to be specified)</P><P></P><P>Thanks</P><P>Wing Churn</P></BODY></HTML> Mon, 19 Mar 2018 15:38:03 GMT https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3543313#M519282 wileong 2018-03-19T15:38:03Z https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3543314#M519287 <HTML><HEAD></HEAD><BODY><P>That is correct. This is mainly used for RADIUS authentications.</P><P>It's not working well for T+, due to some existing bug, such as CSCvg26552.</P></BODY></HTML> Mon, 19 Mar 2018 16:09:42 GMT https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3543314#M519287 hslai 2018-03-19T16:09:42Z https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3680053#M519291 Is this known to work with certificates as the external user database? <BR /><BR />Is there anything planned to make this work across multiple PSNs using the MnT or some other solution?<BR /><BR />Thanks! Thu, 02 Aug 2018 14:10:37 GMT https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3680053#M519291 ruhearn 2018-08-02T14:10:37Z https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3681394#M519295 <P>I have not tested it with certificates myself but am expecting it working with the username/subject based on the cert auth profile(s).</P> <P>Sure, we are looking into multiple PSN. Please discuss your use cases and customer requirements with our PM.</P> Sun, 05 Aug 2018 00:40:12 GMT https://community.cisco.com/t5/network-access-control/limiting-user-login-access/m-p/3681394#M519295 hslai 2018-08-05T00:40:12Z