Hi Rafael,
It is expected result , as the ISR caches the authenticated user for the default time of 60mins.
#sh ip admission cache
“Client Name user1, Client IP 192.168.1.10, Port 50240, timeout 60, Time Remaining 60, state ESTAB”
when user2 logs in to the same IP Address, unless the timer expires on the ISR, it will continue to use user1 cached information.
Instead of IP admission feature in ISR , you can use EasyID (session based cookie) or SAML (auth with logon credential ) authentication in shared machine environment.
Please reach out to TAC for assistance.
Thanks and Regards,
Ashok Sakthivel.
(asakthiv@cisco.com)