Solved: [CISCO ACS 5.8], Limit User Session (802.1x) from external source ( AD)

Lee NGUYEN · ‎10-21-2019

Dear all friends and experts.,

I have a Cisco ACS 5.8 running for user authentication (802.1x) from external sources ( AD)

Now, session client is unlimited, users can access to WIFI network by any devices.

What did I do?

- Configured group mapping to mapping group AD to Identity Group ( internal)

- Setting Max session users setting to 1 (session)

- Setting Max session group setting to 1 (session)

Results

- It does not work, I can access the network by any devices with an only account, seem like one account can active multi-session.

Please help me, and guide how to do that, because I know that we can limit sessions in the ACS system.

Thank you in advance.

Best and regards.,

Lee,

Damien Miller · ‎10-21-2019

Not a direct fix for your issue, but with ACS going end of support on August 31, 2020, you could look at moving to ISE. This is supported and works with ISE in the way that you want.

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-22/204463-Configure-Maximum-Concurrent-User-Sessio.html

Damien Miller · ‎10-21-2019

Not a direct fix for your issue, but with ACS going end of support on August 31, 2020, you could look at moving to ISE. This is supported and works with ISE in the way that you want.

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-22/204463-Configure-Maximum-Concurrent-User-Sessio.html

Lee NGUYEN · ‎10-21-2019

Thank you for your reply.,

As I read ACS documents, they said that : Limit sessions can be done on ACS.

May me this function does not work?

Thank you so much !

Jason Kunst · ‎10-21-2019

yes even ISE is developing new feature for this to work so ACS is old no new development for years