Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1774
Views
0
Helpful
4
Replies

Cisco ISE max session

Go to solution
Sp@wn
Level 1
Level 1

‎02-11-2020 01:14 AM

Hi,

We are using version 2.2 with latest patch in distributed deployment. We want to use max sessions feature but I am not sure about some tuning. After unchecking the unlimited session and setting a maximum of 3 sessions per user, in addition to if we limit the maximum session to 5 per group or per user within the group, which of these restrictions applies to the local user?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎02-11-2020 12:47 PM

The User Max will take precedence. See the following TechNote for examples:

Configure Maximum Concurrent User Sessions on ISE 2.2 

 

Also note that the Max Session cache is not synced across PSNs. Using this feature in a large distributed deployment may have unpredictable effects if the user/group sessions can be spread across multiple PSNs.

 

Cheers,

Greg

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎02-11-2020 12:47 PM

The User Max will take precedence. See the following TechNote for examples:

Configure Maximum Concurrent User Sessions on ISE 2.2 

 

Also note that the Max Session cache is not synced across PSNs. Using this feature in a large distributed deployment may have unpredictable effects if the user/group sessions can be spread across multiple PSNs.

 

Cheers,

Greg

0 Helpful

Go to solution
Sp@wn
Level 1
Level 1
In response to Greg Gibbs

‎02-11-2020 10:57 PM

Hi  grgibbs,

 

Thanks for your answer. As a last question do you have any idea about max session effect on external proxy? I guess the setting on the external proxy should be valid in this regard, but does it have an overwhelming advantage here as in the local group?

 

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to Sp@wn

‎02-12-2020 01:57 PM

I don't understand the question. Are you talking about a RADIUS Proxy or a network proxy?

As per the document shared, the Max Sessions applies to external identity sources as well, so session using a RADIUS Proxy would likely be affected.

If you're talking about a network proxy, that would be an independent system that ISE would not have any control over.

0 Helpful

Go to solution
Sp@wn
Level 1
Level 1
In response to Greg Gibbs

‎02-12-2020 10:28 PM

ofcourse I am talking about radius proxy. I was read the external identity part but I wanted to be sure. yesterday I had an opportunity to test it and saw that users coming via radius proxy are not affected by this feature.
0 Helpful
Customers Also Viewed These Support Documents