12-11-2023 01:28 AM
Hi Team,
I am, currently in the process of designing a network that requires specific limitations on the number of concurrent sessions per user, for example 3 sessions for regular employees and 6 sessions for managers. My understanding is that ISE can manage concurrent sessions per PSN node. However, in our configuration we have PSNs behind F5 load balancers.
So, as I understand, we need to ensure that all RADIUS requests for the same user are directed to the same PSN, additionally, we need to ensure that all RADIUS packets with the same Calling-Station-ID are also routed to the same PSN.
Is my understanding right and if yes how it can be implemented effectively.
Upon reviewing the available documentation and support community topics, I have not been able to find a solution that specifically addresses this requirement.
Thank you
Solved! Go to Solution.
12-12-2023 04:41 AM
Administration > System > Settings > Max Sessions
12-11-2023 05:31 AM
Where are the users? Local on ISE? AD? SAML IDP? Somewhere else?
Also what are the use-cases? Wired? Wireless? VPN? What is the auth method? Certificates? username/password? Machine and/or user authentication?
https://community.cisco.com/t5/security-documents/how-to-ask-the-community-for-help/ta-p/3704356
12-12-2023 03:28 AM
The users are storred localy in ISE.
Access method is Wireless
Auth is 802.1x username/password
12-12-2023 04:41 AM
Administration > System > Settings > Max Sessions
12-14-2023 04:21 AM
The primary concern in our network setup is ensuring that RADIUS requests from the same user consistently land on the same PSN when routed through F5 load balancers. This is crucial for the proper functioning of the Max Sessions feature in Cisco ISE, which operates on a per-PSN basis. We are looking for a solution that guarantees this consistent routing. Additionally, we need to manage RADIUS packets with the same Calling-Station-ID in a similar manner, ensuring they are also directed to the same PSN.
12-14-2023 04:33 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide