
Cisco ISE 2.x - Restrict Host to only one valid authentication session

I have a question related to wired dot1x based on EAP-TLS authentication with ISE 2.x.

Is there a possible configuration to restrict one computer with a computer certificate to authenticate only once on an ISE cluster?

As soon as the same certificate (subject name) tries to authenticate on another switch, the client should not get a valid connection.

And what about PEAP-MSCHAPv2 authentication and MAB as well?
Can we limit one user to only one valid session, so that it is not possible to authenticate twice with the same account/credentials?

Accepted Solution

Francesco Molino
VIP Alumni

Hi

On ISE 2.2, you now have the possibility to limit the number of sessions per user. The configuration is done in: Administration > System > Settings > Max Sessions

A user (MSCHAPv2), a computer (certificate, for example) and a MAC address are all users, and they will be limited by this feature.

Here is the official Cisco doc: http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-22/204463-Configure-Maximum-Concurrent-User-Sessio.html

Can you do the setup and let me know if you have issues?

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
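
A way to check the result once the limit is enabled, as an added example that is not part of the original post or of Cisco's documentation: it replays RADIUS accounting Start/Stop records and reports every identity (user name, certificate identity or MAC address) that holds more than the allowed number of sessions at the same time. It assumes such records can be exported from your accounting logs; the event tuples are constructed sample data, and `normalize` and `find_violations` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed sample data, not ISE output:
# (timestamp, Acct-Status-Type, identity, NAS name, Acct-Session-Id)
EVENTS = [
    (100, "Start", "host/pc01.example.com", "sw-a", "s1"),
    (160, "Start", "alice", "sw-a", "s2"),
    (200, "Start", "host/pc01.example.com", "sw-b", "s3"),  # same certificate identity, second switch
    (260, "Stop", "alice", "sw-a", "s2"),
    (300, "Start", "alice", "sw-c", "s4"),                  # allowed: earlier session was stopped
    (320, "Start", "AA-BB-CC-00-11-22", "sw-a", "s5"),
    (330, "Start", "aa:bb:cc:00:11:22", "sw-c", "s6"),      # same MAB identity, other notation
]


def normalize(identity):
    """Fold case; reduce MAC-style identities to bare hex so notations compare equal."""
    ident = identity.strip().lower()
    bare = ident.replace(":", "").replace("-", "").replace(".", "")
    if len(bare) == 12 and all(c in "0123456789abcdef" for c in bare):
        return bare
    return ident


def find_violations(events, max_sessions=1):
    """Return (timestamp, identity, NAS list) for each Start that exceeds the limit."""
    active = defaultdict(dict)  # identity -> {session id: NAS}
    violations = []
    for ts, status, identity, nas, sid in sorted(events):
        key = normalize(identity)
        if status == "Start":
            active[key][sid] = nas
            if len(active[key]) > max_sessions:
                violations.append((ts, key, sorted(active[key].values())))
        elif status == "Stop":
            # A Stop frees the slot; unknown session ids are ignored.
            active[key].pop(sid, None)
    return violations


if __name__ == "__main__":
    for ts, identity, nas_list in find_violations(EVENTS):
        print(f"t={ts}: {identity} active on {', '.join(nas_list)}")
```

With the limit enforced, a replay of real accounting data should report no violations; any hit points to a session that was admitted while another one for the same identity was still open.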


3 Replies

Thanks a lot for your information.

We're planning to upgrade to the newest version 2.2.

As soon as we've upgraded and implemented this configuration, I'll give feedback in this discussion.

No problem. You're welcome


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question