Implementing max user sessions settings for TACACS with ACS 5.3

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-09-2012 10:30 AM - edited 03-10-2019 07:16 PM
I'm a little confused about the configuration of max user sessions for device administration with TACACS.
When I've changed the configutration of unlimited sessions for a value in Access Policies > Max User Session Policy > Max Session User Settings
I think this value could limit the maximum number of sessions for each user, but instead this value limit in a global meaning all of my sessions.
For example: I need to limit the session for my users in 2.
user1 = Max 2 sessions
user2 = Max 2 sessions
user3 = Max 2 sessions
Whe i Put the value of 2 in Max Session User Settings
user1 + user2 + user3 = Max 2 sessions
This is a limitation of ACS 5.3 or my configuration needs something aditional.
- Labels:
-
AAA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-09-2012 08:33 PM
Luis,
Are you saying that when you authenticate with user1 and user 2 that user3 isnt able to get access?
Do you have tacacs accounting enabled on the network access device?
Also what do you have configured for the group settings? If there is a maximum group setting and all the users are a member of the same group then the lesser of the two will be enforced. So if the group max sessions is set to 1 then the all users in that group will have a max session of 1.
Here is some reference material.
Thanks,
Tarik Admani
