Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1733
Views
0
Helpful
1
Replies
Luis Perez
Beginner
Beginner
‎07-09-2012 10:30 AM
‎07-09-2012 10:30 AM

Implementing max user sessions settings for TACACS with ACS 5.3

I'm a little confused about the configuration of max user sessions for device administration with TACACS.

When I've changed the configutration of unlimited sessions for a value in Access Policies > Max User Session Policy > Max Session User Settings

I think this value could limit the maximum number of sessions for each user, but instead this value limit in a global meaning all of my sessions.

For example: I need to limit the session for my users in 2.

user1 = Max 2 sessions

user2 = Max 2 sessions

user3 = Max 2 sessions

Whe i Put the value of 2 in Max Session User Settings

user1 + user2 + user3 = Max 2 sessions

This is a limitation of ACS 5.3 or my configuration needs something aditional.

Labels:
0 Helpful
1 REPLY 1
Tarik Admani
Advocate
Advocate
‎07-09-2012 08:33 PM
‎07-09-2012 08:33 PM

Luis,

Are you saying that when you authenticate with user1 and user 2 that user3 isnt able to get access?

Do you have tacacs accounting enabled on the network access device?

Also what do you have configured for the group settings? If there is a maximum group setting and all the users are a member of the same group then the lesser of the two will be enforced. So if the group max sessions is set to 1 then the all users in that group will have a max session of 1.

Here is some reference material.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/access_policies.html#wp1162177

Thanks,

Tarik Admani

0 Helpful
Latest Contents
Cisco + Splunk Integrations Add-on List
Created by Sar on 05-07-2021 12:27 AM
0
5
0
5
The table below shows the whole Cisco Security solutions + Splunk integrations add-ons. Kindly let me know if I have missed some add-ons or if there are any new updates. Thank you!   Hope this will be helpful for everyone who is looking for Splunk in... view more
FMC API | ACP - Delete disabled rules and generate report.
Created by Anupam Pavithran on 05-06-2021 06:48 AM
0
5
0
5
A python based script to generate report if there are disabled rules under an Access Control Policy and an option to delete those rules in bulk.   Preparation Step 1 Download the script on PCStep 2 Make sure python3 is installed on PC and have reach... view more
FMC API | ACP Double logging detection and mitigation script
Created by Anupam Pavithran on 05-06-2021 06:09 AM
0
5
0
5
A python based script to generate report if there are double logging on FMC ACP (logging at beginning and end), having rule action "Allow" or "Trust". (Option1 ) Also, the logging at the begging will be disabled if logging is detected for both beginning ... view more
CCIE Security in a Remote and Cloud Driven Network: SASE and...
Created by ciscomoderator on 04-30-2021 08:00 AM
1
5
1
5
Meet the Authors Slides - CCIE Security in a Remote and Cloud Driven Network: SASE and Beyond (Live event – Thursday, 29th, 2021 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris) This event had place on Thursday 29th, April 2021 at 10hrs P... view more
CCIE Security in a Remote and Cloud Driven Network: SASE and...
Created by ciscomoderator on 04-30-2021 07:55 AM
3
5
3
5
Meet the Authors Video - CCIE Security in a Remote and Cloud Driven Network: SASE and Beyond (Live event – Thursday, 29th, 2021 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris) This event had place on Thursday 29th, April 2021 at 10hrs P... view more
Content for Community-Ad