Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2595
Views
5
Helpful
7
Replies

Limit concurrent radius logins

dan.letkeman
Level 4
Level 4

‎03-05-2017 05:36 PM - edited ‎03-11-2019 12:31 AM

Hello,

Does anyone know how to limit concurrent radius logins with ISE.  I am running version 2.1 and I can't seem to find the place where I can set this.  I don't do onboarding and I don't use the guest system.  I just want to limit the basic radius authentication either by concurrent connections or perhaps by AD users?

Thanks,

Dan.

Labels:
0 Helpful
7 Replies 7

Francesco Molino
VIP Alumni
VIP Alumni

‎03-06-2017 05:59 PM

Hi 

Is it for wireless authentication? You can limit on the wlc or on the active directory itself.

For AD I don't remember but searching on Google you should be able to found it. 

I don't know for latest version but you aren't able to limit that through ISE.

Thanks 

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

dan.letkeman
Level 4
Level 4
In response to Francesco Molino

‎03-07-2017 06:30 AM

Yes this is for wireless authentication.

Limiting this on AD won't work for us, as we use these accounts for BYOD and for local device logins.  Limiting this on the WLC also won't work as we don't want to limit this for everyone, and limiting it on the controller is a global setting.

I find it odd that many of the alternative NAC's can limit radius logins.

Dan.

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to dan.letkeman

‎03-07-2017 08:50 AM

Hi

On ISE you can limit for guest, you can limit the number of devices per Users that should be enrolled but not limit the number of connections. Again, you can see on latest ISE release notes if that changed.

Thanks 

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

dan.letkeman
Level 4
Level 4
In response to dan.letkeman

‎03-13-2017 12:09 PM

Just installed the latest version 2.2 and it seems to have this feature now, but you can't use AD groups or users for the authentication data source.  Only internal users and groups are selectable for the authentication source for the "Max Sessions" option.

Does anyone know if adding external identity sources for "Max Sessions" will be on the road map?

Thanks,

Dan.

0 Helpful

dan.letkeman
Level 4
Level 4

‎04-18-2017 08:32 AM

Looks like it is supported in 2.2.  I tested it out against active directory logins and it works.

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-22/204463-Configure-Maximum-Concurrent-User-Sessio.html#anc2

However, it is a global setting that, as far as I know, cannot be bypassed with policies.  Also, the group setting does not apply to active directory, only to local ise users.

Francesco Molino
VIP Alumni
VIP Alumni
In response to dan.letkeman

‎04-18-2017 02:01 PM

Hi 

Thanks for your message. I've migrated or POC system in 2.2 and I'll test it tomorrow 

Thanks


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

dan.letkeman
Level 4
Level 4
In response to Francesco Molino

‎04-18-2017 04:29 PM

No need to test it.  I already did.  It works, but is only a global setting.

0 Helpful
Top