cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

166
Views
0
Helpful
1
Replies
ammahend
Contributor

ISE policy condition question

We have a situation, where we want users to have no more than 2 active sessions. For e.g. when user connects the first device with AD credentials it should authenticate and authorize based on policy, same should happen when the same user connects second device with same credentials. However when user connects the 3rd device with same credentials, I want to create a condition, where ISE can check that user already have 2 active sessions and as authorization I can simply deny.

Has anyone done anything like this, any thoughts will be appreciated.

 

I understand we can achieve something similar by leveraging device registration portal and provisioning and limiting the device registration per user to 2, unfortunately we have license limit to do so and management is not ready to invest yet. So I am trying to think of an alternative here with base license only.

 

Thank you

-Rate helpful posts-
1 REPLY 1
Venkatesh Attuluri
Cisco Employee

if this is for wireless user then WLC has a feature to limit the number of sessions per username

Content for Community-Ad