This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I am trying to understand the Maximum Concurrent User Sessions from the below link & in my network
As per the link, I understand once the guest user maximum limit is reached, the new device which tries to login should not be allowed to access network( based on newest or oldest connection configured ).
I configured maximum session as 2 & when my 3rd client tries to login, the user is given a warning saying "maximum number of clients is reached, do you wish to continue. " The moment continue is pressed, the 1st logged in MAC address is deleted from the ISE database. However all the 3 clients still continue to access wireless network
Is this expected
Solved! Go to Solution.
Thank you for the quick reply.
Yes I have configured remember me ( MAB) option, so that the users don't have to login again. However, I didn't understand how this is related to my issue. In my guest portal, I have mentioned to delete the Newest Connection & ISE is deleting the oldest mac from ENDpoint group & all 3 devices are still connected to the network
I have also created a rule for Max Session Reached, redirect to the Web-auth page. This is also not working . May be I am missing something, let me know
Below are things which I tried
End result I get all the users in the network, which is not in agreement with the configuration
I haven't tested this recently, but if you set your maximum registered endpoints to 2 and a person tries to connect a 3rd one, the very first one should be deleted from the endpoint identity group. You should easily be able to see that by looking at the endpoints on the Context Visibility screen. Now just because an endpoint is deleted from the endpoint identity group doesn't mean they are kicked off wireless. That is two different things. You would have to remove them from the SSID on the WLC and see if ISE allows them to connect back again. They should get sent back to the portal on that first MAC address.
I could see a close match with an enhancement bug