block simultaneous logins by the same user on wired 802.1x

nir-r · ‎02-10-2015

Is it possible to block simultaneous logins by the same user, meaning is userX login on port gi1/0/1 and after that the same user (UserX) is trying to login on a different port, it will be blocked.

nspasov · ‎02-10-2015

The policies that you apply on your Radius server would apply to all ports on the switch (unless you have some exceptions), thus it wouldn't matter where the user is connecting as he/she would get "access-reect" thus preventing him/her from getting access to the network.

I hope this helps!

Thank you for rating helpful posts!

nir-r · ‎02-10-2015

This isn't what I am looking for. ISE has the information about live sessions, I would like to prevent multiple authentication with the same username on wired dot1x

nspasov · ‎02-10-2015

Sorry I did not read your original question correctly. So at the moment, you can only restrict the number of concurrent connections for users that are only going through the web authentication process. If you are using EAP-TLS, PEAP, etc, then there is no method to restrict those users from performing multiple authentications on the network.

Thank you for rating helpful posts!

nir-r · ‎02-10-2015

Thanks, Hope to have this feature in ISE or PEAP and EAP-TLS.

nspasov · ‎02-10-2015

Yeah, unfortunately, it is not an option as of the latest version. I know that it has been suggested before so hopefully Cisco will develop this enhancement.

Thank you for rating helpful posts!