03-25-2019 03:47 AM
Hi Team,
My customer has a request: they only allow one endpoint connected per user, and the user can only use the endpoint with which they first logged in successfully. Can we do this?
Max sessions cannot restrict a user from changing endpoints.
Thanks
DL
03-25-2019 05:03 AM
In case of using ISE Guest Services, you may do the following:
In the guest portal > Portal Behavior and Flow Settings > Guest Device Registration Settings, check [x] Automatically register guest device. Then, adjust the max number of devices in the Guest Type.
03-25-2019 02:26 PM
In case you're not talking about Guest flow, you can also restrict the max number of sessions per user for non-guest flows.
I have never used this. And it's also per-PSN (i.e. the PSN controls the limit, and if the user ends up on another PSN then there is a new limit applied etc.) - but still, it might fit your use case.
03-28-2019 06:40 PM
Hi Arne,
Thank you. If a user logs off and logs in with another endpoint, they can still log in to the network. The IT admin would only allow a user to log in to the network with the endpoint hardware used for the first login. They hope ISE can remember the MAC information and only allow this MAC in the future. Why do they need this? It's because they are using LDAP (no machine auth) and don't have a table to register every company laptop's MAC address, so they expect to simply lock the first MAC address of each user.
DL