This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
For specific requirement, needs to configure the User access count restriction for Cisco EPNM GUI access. Cisco EPNM is configured for TACACS with Cisco ISE 2.4 and customer wants to restrict the number of users in a user group have access on EPNM for a specific time.
I went through the below document and tried to configure the same solution for TACACS but it didnt't work:
Test I performed:
for TACACS access, configured the EPNM users into a group and limit the particular group with below configuration:
Administration > System>Settings > Max Sessions > Group: 1
and also tried:
Navigate to Administration > System > Settings > Max Sessions > Group > Max session for users in Group : 1
And tried to access the EPNM GUI with 2 different users at same time, it is working with no fail.
Can someone please point out if i missed something into configuration.
It is Customer live network so only the option mentioned into Document, i din't try is the: Administration > System > Settings > Max Sessions, that is by default to set "unlimited".
Above is the mandatory configuration to change from unlimited?
As mentioned into document, does it work for TACACS also, meets the requirement which CU have right now(i tired with Router also for SSH connection, doesn't work).
Solved! Go to Solution.
Hi Thanks for reply.
My exact query is, does this functionality works with ISE GUI access only or for TACACS devices/users also? If yes, then EPNNM server doesn't have accounting features to use. only authentication and a pre-defined template for authorization is configured on ISE end. so in that case, this function won't work?
I think it might not work for T+ if command accounting also enabled. Please engage our ESC team if you need help decipher the debug logs.
is there any update for this issue ? i as well want to restrict sessions when authenticate network devices with TACACS