09-30-2018 11:02 AM
I am trying to understand the Maximum Concurrent User Sessions from the below link & in my network
As per the link, I understand once the guest user maximum limit is reached, the new device which tries to login should not be allowed to access network( based on newest or oldest connection configured ).
I configured maximum session as 2 & when my 3rd client tries to login, the user is given a warning saying "maximum number of clients is reached, do you wish to continue. " The moment continue is pressed, the 1st logged in MAC address is deleted from the ISE database. However all the 3 clients still continue to access wireless network
Is this expected
Regards
Nikhil
Solved! Go to Solution.
09-30-2018 12:18 PM
10-01-2018 05:15 AM
10-02-2018 04:44 AM
09-30-2018 12:18 PM
09-30-2018 08:40 PM
Hi Jason,
Thank you for the quick reply.
Yes I have configured remember me ( MAB) option, so that the users don't have to login again. However, I didn't understand how this is related to my issue. In my guest portal, I have mentioned to delete the Newest Connection & ISE is deleting the oldest mac from ENDpoint group & all 3 devices are still connected to the network
I have also created a rule for Max Session Reached, redirect to the Web-auth page. This is also not working . May be I am missing something, let me know
Regards
Nikhil
10-01-2018 05:15 AM
10-01-2018 06:23 AM
Below are things which I tried
End result I get all the users in the network, which is not in agreement with the configuration
10-01-2018 06:07 AM
I haven't tested this recently, but if you set your maximum registered endpoints to 2 and a person tries to connect a 3rd one, the very first one should be deleted from the endpoint identity group. You should easily be able to see that by looking at the endpoints on the Context Visibility screen. Now just because an endpoint is deleted from the endpoint identity group doesn't mean they are kicked off wireless. That is two different things. You would have to remove them from the SSID on the WLC and see if ISE allows them to connect back again. They should get sent back to the portal on that first MAC address.
10-01-2018 06:25 AM
when I have selected the " Disconnect the newest connection " why the ISE is deleting the oldest mac
10-02-2018 04:32 AM
I could see a close match with an enhancement bug
10-02-2018 04:44 AM
10-02-2018 05:02 AM
The bug was shared with me by the TAC