cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1777
Views
5
Helpful
7
Replies

Limit concurrent radius logins

dan.letkeman
Enthusiast
Enthusiast

Hello,

Does anyone know how to limit concurrent radius logins with ISE.  I am running version 2.1 and I can't seem to find the place where I can set this.  I don't do onboarding and I don't use the guest system.  I just want to limit the basic radius authentication either by concurrent connections or perhaps by AD users?

Thanks,

Dan.

7 Replies 7

Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor

Hi 

Is it for wireless authentication? You can limit on the wlc or on the active directory itself.

For AD I don't remember but searching on Google you should be able to found it. 

I don't know for latest version but you aren't able to limit that through ISE.

Thanks 

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Yes this is for wireless authentication.

Limiting this on AD won't work for us, as we use these accounts for BYOD and for local device logins.  Limiting this on the WLC also won't work as we don't want to limit this for everyone, and limiting it on the controller is a global setting.

I find it odd that many of the alternative NAC's can limit radius logins.

Dan.

Hi

On ISE you can limit for guest, you can limit the number of devices per Users that should be enrolled but not limit the number of connections. Again, you can see on latest ISE release notes if that changed.

Thanks 

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Just installed the latest version 2.2 and it seems to have this feature now, but you can't use AD groups or users for the authentication data source.  Only internal users and groups are selectable for the authentication source for the "Max Sessions" option.

Does anyone know if adding external identity sources for "Max Sessions" will be on the road map?

Thanks,

Dan.

dan.letkeman
Enthusiast
Enthusiast

Looks like it is supported in 2.2.  I tested it out against active directory logins and it works.

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-22/204463-Configure-Maximum-Concurrent-User-Sessio.html#anc2

However, it is a global setting that, as far as I know, cannot be bypassed with policies.  Also, the group setting does not apply to active directory, only to local ise users.

Hi 

Thanks for your message. I've migrated or POC system in 2.2 and I'll test it tomorrow 

Thanks


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

No need to test it.  I already did.  It works, but is only a global setting.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers