cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1733
Views
0
Helpful
1
Replies
Luis Perez
Beginner

Implementing max user sessions settings for TACACS with ACS 5.3

I'm a little confused about the configuration of max user sessions for device administration with TACACS.

When I've changed the configutration of unlimited sessions for a value in Access Policies > Max User Session Policy > Max Session User Settings

I think this value could limit the maximum number of sessions for each user, but instead this value limit in a global meaning all of my sessions.

For example: I need to limit the session for my users in 2.

user1 = Max 2 sessions

user2 = Max 2 sessions

user3 = Max 2 sessions

Whe i Put the value of 2 in Max Session User Settings

user1 + user2 + user3 = Max 2 sessions

This is a limitation of ACS 5.3 or my configuration needs something aditional.

1 REPLY 1
Tarik Admani
Advocate

Luis,

Are you saying that when you authenticate with user1 and user 2 that user3 isnt able to get access?

Do you have tacacs accounting enabled on the network access device?

Also what do you have configured for the group settings? If there is a maximum group setting and all the users are a member of the same group then the lesser of the two will be enforced. So if the group max sessions is set to 1 then the all users in that group will have a max session of 1.

Here is some reference material.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/access_policies.html#wp1162177

Thanks,

Tarik Admani

Content for Community-Ad