Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2182
Views
20
Helpful
9
Replies

Set SSH/TELNET max sessions connections - ISE 2.7

Go to solution
croonos23
Level 1
Level 1

‎10-19-2022 12:34 PM

Hi cisco community, I have tested this feature "Max Sessions" I have understood that this option limits the ssh or telnet connection per user, however I have created a python script using netmiko and have seen more sessions successfully established. 

Could you explain this feature? I want to block ssh/telnet max sessions per user and set limit.

ISE: 2.7

croonos23_0-1666208010626.png

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
croonos23
Level 1
Level 1
In response to ahollifield

‎10-19-2022 04:23 PM - edited ‎10-19-2022 04:24 PM

Thanks for your support, I found a bug in my version (ISE 2.7 patch 2), I will install upgrade and tell you later.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv14390

View solution in original post

9 Replies 9

Go to solution
croonos23
Level 1
Level 1
In response to ahollifield

‎10-19-2022 12:55 PM

Thanks ahollifield,  I want to block ssh/telnet sessions per user when a limit set by me is reached. Can I do this from the ISE server?

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to croonos23

‎10-19-2022 01:01 PM

So do you mean for TACACS+ authentications to network devices (switch, router, etc.) or for SSH to ISE itself?   

0 Helpful

Go to solution
croonos23
Level 1
Level 1
In response to ahollifield

‎10-19-2022 01:12 PM

TACACS+ authentications to network devices on network devices, I want to set a limit for ssh or telnet connections to the devices.

croonos23_0-1666210284258.png

 

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to croonos23

‎10-19-2022 01:15 PM - edited ‎10-19-2022 01:16 PM

This should work for TACACS+ but I've never personally tested it.  What is the authentication source? AD? Local? Something else?  This also requires Accounting to be properly configured so ISE can monitor the active sessions accurately.  

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-22/204463-Configure-Maximum-Concurrent-User-Sessio.html#anc14

Go to solution
croonos23
Level 1
Level 1
In response to ahollifield

‎10-19-2022 01:33 PM

I am using Local authentication source, but i changed value and it don't block sessions

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to croonos23

‎10-19-2022 01:43 PM

Do you have TACACS+ accounting configured? 

0 Helpful

Go to solution
croonos23
Level 1
Level 1
In response to ahollifield

‎10-19-2022 04:23 PM - edited ‎10-19-2022 04:24 PM

Thanks for your support, I found a bug in my version (ISE 2.7 patch 2), I will install upgrade and tell you later.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv14390

Go to solution
Marcelo Morais
VIP
VIP
In response to croonos23

‎10-20-2022 07:56 AM

Hi @croonos23 ,

 I would like to add just one thing ... please take a look at: Configure Maximum Concurrent User Sessions on ISE 2.2, special attention to:

" ... Enforcement and count of a Concurrent Session is unique and managed by each PSN. There is no synchronization between the PSNs in terms of session count. Concurrent Session feature is implemented in the runtime process and data is stored only in memory. In case of PSN restart, MaxSessions counters reset... "

Hope this helps !!!

0 Helpful
Top