
802.1X wireless restriction on User Login policies

yong khang NG
Level 5

Hi all,

Seeking some technical ideas on a wireless 802.1X setup.

Business requirement is:

"User login policy: to limit the number of concurrent login by a single user only apply to one device at any given time. "

There is no problem with PEAP/MSCHAPv2 login; the only thing is that the same user credential can be used to log in on multiple devices at the same time.

On the NAD side, we configured these on the WLC but still cannot achieve our objective:

- advanced eap max-login-ignore-identity-response disable

- netuser maxuserLogin 1

Seeking a technical solution for this case; please advise. Is there anything that needs to be tweaked on the directory server or ACS side?

The components in use are as below:

Supplicant 1: Windows 7, authentication method using PEAP/MSCHAPv2

Supplicant 2: iPhone iOS version 6.x

Authenticator: Cisco Wireless Controller 5800 Series on code version 7.2

Authentication server: Cisco secure server ACS 5.3.0.40

Identity Source : Microsoft server 2008 R2 ADDS, single forest single domain.

Attached is the network diagram: topo1.png

1 Reply

Saurav Lodh
Level 7

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112175-acs51-peap-deployment-00.html