Re: Maximum Concurrent User Sessions with PEAP and redirect to portal

piotrPaszk · ‎04-19-2020

Hi,

One of my customers is using PEAP ( AD credentials) for the devices brought to work by the employees. He has recently realised that some users are giving away its AD credentials so we see a hudge amount of devices belonging to some of the users. I took a look at the Maximum Concurrent User Sessions option but I see there no besically option to map external identity groups, only internal ( wonder why ?). In this case I can turn on the function globally and set it up to 2 sessions per user for all. But I do want to notify the users about Maximum Concurrent User Sessions beeing exided in some way. Preferably to get users som kind of pop-up or web page which will notify them.

Is this possible with ISE ?

Best regards,

Piotr Paszkowski

balaji.bandi · ‎04-19-2020

how the user authenticating use Potal ?

here is some reference :

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-22/204463-Configure-Maximum-Concurrent-User-Sessio.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

piotrPaszk · ‎04-19-2020

Hi,

Thanks for the answer :-) I did not get you question though ?

The users have authz policy which says user uses PEAP and exernal identity group AD: XXXX than result XXXX. I want to add this: Network Access·SessionLimitExceeded and if this is true then result: ( access deny due to limit exeeded) and then redirect to a info page or portal ?

Is it possible only with guest access or redirect can be used with PEAP ?

Br

Piotr

phyowaitun · ‎07-15-2021

Hi,

I am using 802.1x EAP for wireless. I followed the reference of this link.

Still ISE is not restricting concurrent sessions for External Identity Group ( Active Directory ).