Cisco ISE 2.7 Patch4 Concurrent Sessions Limit Log

david.matta · ‎10-08-2021

Hi,

I'm running an installation of Cisco ISE 2.7 patch4, (which, is documented to fix CSCvv14390 - Concurrent sessions not working).

The limiting of concurrent session now works, which is fine.

However, I'm noticing that on the next attempted session to a device, I don't get any log.

No Authentication Attempt, and certainly no Authorization log.

Previously, I'd have seen a message to say that max sessions had been hit and authorization was denied.

Is this a known issue? Or does anyone know why this may be?

Thanks in advance.

Marcelo Morais · ‎10-08-2021

Hi @david.matta ,

if you are not seeing successful Authentication, please double check the following configuration :

Administration > System > Settings > Protocols > RADIUS: Suppress repeated successful authentications.

Hope this helps !!!

david.matta · ‎10-08-2021

Hi @Marcelo Morais

Thank you for your reply, it's appreciated.

I have now set the setting you suggested, however, do note, the reports I'm looking for are for AAA authentication (TACACS+) not RADIUS.

Regards,

poongarg · ‎10-09-2021

Maximum session per user is for both RADIUS, TACACS sessions combined. Check the RADIUS live logs to confirm if the same user also tried RADIUS authentication and got the report in RADIUS for max session limit reached.

david.matta · ‎10-11-2021

Hi,

Thanks for the suggestion. however, no RADIUS reports are presented during any of the login attempts, including the exceeded session login attempt.

david.matta · ‎10-12-2021

Hi,

Does anyone know whether this is a known issue before I consider raising a TAC case?

Thanks

david.matta · ‎10-19-2021

Sorry to bump, but does anyone know if this is a known issue before I raise a TAC?

Thank you.