12-07-2017 08:57 AM
I know we can control the number of sessions per user
Is there a way to alert if a user attempts more then one login, while policy permits multiple logins?
This would be ISE 2.3
Maybe Stealthwatch integration
12-07-2017 09:55 AM
This was introduced in ISE 2.3. Go to Administration > System > Settings > Max Sessions.
You can choose to enforce Maximum session based upon user, group
This applies to Internal ISE Users and groups only. Also the enforcement is the max PER POLICY NODE. Here's the page in the Admin Guide:
12-08-2017 01:42 AM
Ise 2.2 support this future too.
12-09-2017 05:52 PM
There is no alarm to alert the same user logging more than once.
Like Charles and Ognyan said, ISE 2.2+ has max sessions to limit per user, which applies to external users as well, and per internal-user-group. These settings are per PSN, unlike the guest max sessions, which are per deployment.
03-19-2018 08:38 AM
Hi hslai,
Just to confirm the per user limit also apply for RADIUS authentication? (802.1x to be specified)
Thanks
Wing Churn
03-19-2018 09:09 AM
That is correct. This is mainly used for RADIUS authentications.
It's not working well for T+, due to some existing bug, such as CSCvg26552.
08-02-2018 07:10 AM
08-04-2018 05:40 PM
I have not tested it with certificates myself but am expecting it working with the username/subject based on the cert auth profile(s).
Sure, we are looking into multiple PSN. Please discuss your use cases and customer requirements with our PM.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide