https://community.cisco.com/t5/network-access-control/limit-concurrent-radius-user-session/m-p/3525992#M538170 <HTML><HEAD></HEAD><BODY><P>I would recommend getting this over to the Product PM <A href="https://community.cisco.com//u1/293019">surasky</A> as a request</P><P></P><P>From what I understand you can limit it on the active directory side of things but can't find the thread on that right now</P></BODY></HTML> Tue, 26 Jul 2016 15:08:25 GMT Jason Kunst 2016-07-26T15:08:25Z https://community.cisco.com/t5/network-access-control/limit-concurrent-radius-user-session/m-p/3525991#M538169 <HTML><HEAD></HEAD><BODY><P>Hi All</P><P></P><P>This question comes up every so often, do we currently(v2.1?) or are there any plans to support the capability to limit RADIUS authenticated users to a single concurrent user session?</P><P></P><P>I know this is currently possible for Guest users but my question and the customer use case is specifically focused on non guest users.</P><P></P><P>This is possibly in ACS and there is a existing ISE feature request, tracked by CSCuq04372</P><P></P><P>P</P></BODY></HTML> Tue, 26 Jul 2016 11:27:40 GMT https://community.cisco.com/t5/network-access-control/limit-concurrent-radius-user-session/m-p/3525991#M538169 pbeyleve 2016-07-26T11:27:40Z https://community.cisco.com/t5/network-access-control/limit-concurrent-radius-user-session/m-p/3525992#M538170 <HTML><HEAD></HEAD><BODY><P>I would recommend getting this over to the Product PM <A href="https://community.cisco.com//u1/293019">surasky</A> as a request</P><P></P><P>From what I understand you can limit it on the active directory side of things but can't find the thread on that right now</P></BODY></HTML> Tue, 26 Jul 2016 15:08:25 GMT https://community.cisco.com/t5/network-access-control/limit-concurrent-radius-user-session/m-p/3525992#M538170 Jason Kunst 2016-07-26T15:08:25Z https://community.cisco.com/t5/network-access-control/limit-concurrent-radius-user-session/m-p/3525993#M538171 <HTML><HEAD></HEAD><BODY><P>Thanks for the reply Jason</P><P></P><P>Also found a quick and dirty workaround using the Cisco WLC. Will probably only work with a single mobility group as multiple group will create an auth issue when roaming if concurrency is limited to 1.</P><P></P><P>config advanced eap max-login-ignore-identity-response ?</P><TABLE><TBODY><TR><TD>enable&nbsp;&nbsp; </TD><TD><P> ignore the same username reaching max in</P><P>the EAP identity response</P></TD></TR><TR><TD>disable</TD><TD>check the same username reaching max in the EAP identity response</TD></TR></TBODY></TABLE><P></P><P>This is from slide 122 of BRKEWN-2005 presented at Cisco Live Berlin:</P><P><A class="jive-link-external-small" href="https://cisco.box.com/s/omn1dzhf5l005gxvvpx4xtklo4fr0khs" rel="nofollow" target="_blank">https://cisco.box.com/s/omn1dzhf5l005gxvvpx4xtklo4fr0khs</A></P><P></P><P>Will be better if implemented on ISE.</P></BODY></HTML> Wed, 27 Jul 2016 12:29:19 GMT https://community.cisco.com/t5/network-access-control/limit-concurrent-radius-user-session/m-p/3525993#M538171 pbeyleve 2016-07-27T12:29:19Z https://community.cisco.com/t5/network-access-control/limit-concurrent-radius-user-session/m-p/3525994#M538172 <HTML><HEAD></HEAD><BODY><P>agree and thanks! we are looking to add this into an upcoming release, if you are a customer and have this request please make sure you reach out to your account team to get in a request</P></BODY></HTML> Wed, 27 Jul 2016 15:03:02 GMT https://community.cisco.com/t5/network-access-control/limit-concurrent-radius-user-session/m-p/3525994#M538172 Jason Kunst 2016-07-27T15:03:02Z