Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1071
Views
10
Helpful
3
Replies

Max Sessions for user and machine in external identity groups

Go to solution
piotrPaszk
Level 1
Level 1

‎06-23-2019 06:27 AM

Hello,

 

I am facing a challenge how to limit a number of session for users and machines. I do not see that option for the version of ise 2.4 I am using at the moment.

 

Is this only posible to limit users only. I am using eap-tls for machine autorization and I am wondering how to limit that ?

 

Is this something which comming on the road map ? If not, Is there any work around ?

 

Br

 

Piotr

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎06-23-2019 09:25 PM

Hi

Follow this link:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_01110.html#id_30990

It shows how to limit the concurrent session per user or per group.
Per user is based per psn whereas per group is max session for a user on all PSNs in the group.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to piotrPaszk

‎06-24-2019 01:31 PM

Nope today you can't do it based on AD Group. An enhancement is opened but still nothing:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd22392

The user limit will be per PSN only.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

3 Replies 3

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎06-23-2019 09:25 PM

Hi

Follow this link:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_01110.html#id_30990

It shows how to limit the concurrent session per user or per group.
Per user is based per psn whereas per group is max session for a user on all PSNs in the group.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
piotrPaszk
Level 1
Level 1
In response to Francesco Molino

‎06-24-2019 01:14 AM

Hi Francesco :)

 

Thank you for the answer. But I just wonder

 

1. if it is possible to use those limits with external identity groups ? I did not see any group I have defined which come from AD on that list.

2. If user limit is per SSID og PSN or just PSN ?

 

Br Piotr

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to piotrPaszk

‎06-24-2019 01:31 PM

Nope today you can't do it based on AD Group. An enhancement is opened but still nothing:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd22392

The user limit will be per PSN only.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Customers Also Viewed These Support Documents