07-05-2017 06:38 AM - edited 03-11-2019 12:49 AM
I have a question related to wired dot1x based on EAP-TLS authentication with ISE 2.x.
Is there a possible configuration to restrict one computer with a computer certificate to authenticate only once on an ISE cluster?
As soon as the same certificate (subjectname) tries to authenticate on another switch, the client should not get a valid connection.
And what about PEAP-MSCHAPv2 authentication and MAB as well?
Can we limit one user to only one valid session, so that it is not possible to authenticate twice with the same account/credentials?
07-05-2017 07:00 AM
Hi
On ISE 2.2, you now have the possibility to limit the number of sessions per user. The configuration is done in: Administration > System > Settings > Max Sessions
A user (MSCHAPv2), a computer (certificate for example) and a MAC address are all users, and this will be limited by this feature.
Here is the official Cisco doc: http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-22/204463-Configure-Maximum-Concurrent-User-Sessio.html
Can you do the setup and let me know if you have issues?
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
07-05-2017 07:43 AM
Thanks a lot for your information.
We're planning to upgrade to the newest version 2.2.
As soon as we've upgraded and implemented that configuration, I'll give feedback in this discussion.
07-05-2017 07:51 AM
No problem. You're welcome