Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
996
Views
0
Helpful
3
Replies

Single Session per Authentication/MAC

youthonprogress
Level 1
Level 1

‎08-31-2012 01:16 AM - edited ‎03-10-2019 07:29 PM

Hi All

We are in process to deploy a wireless for a customer with ACS, where we want A single User/machine to have a login checked with External Identity store and have only one session at a time.

i.e. if User A logged in with Machine A, he should not be able to use Machine B for the same authentication even if the Machine B is having MAC authenticated, (please note that MAC Authentication is not necessory but one user should use only one machine)

I am a little new to the ACS/Wireless, any help would be highly appriciated.

Many thanks for reading me.

Labels:
0 Helpful
3 Replies 3

Bastien Migette
Cisco Employee
Cisco Employee

‎08-31-2012 01:35 AM

Hi tarun,

I think you are looking for the new feature in ACS 5.3:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/release/notes/acs_53_rn.html#wp195861

Maximum user sessions

Allows you to restrict the user from too many concurrent user sessions. The permitted number of concurrent user sessions is between 1 and 65535.

For more information on this see:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/access_policies.html#wp1176806

Hope this help

0 Helpful

youthonprogress
Level 1
Level 1
In response to Bastien Migette

‎09-04-2012 03:08 AM

Hi Bastien

Thanks for you answere, I have tried to put this in place but unable to succeed in any ways. It doesnt work for me. May be I am not configuring it properly.

The user is getting access in all possible logins. I am using RADIUS and have enabled the Auth and Acc both from WLC. Even I can see the Auth and Acc messages in the ACS Logs.

Any Help Guys!

Thanks in advance.

0 Helpful

Bastien Migette
Cisco Employee
Cisco Employee
In response to youthonprogress

‎09-04-2012 03:20 AM

Hello Tarun,

In this menu:

System Administration > Users > Max User Session Global Settings

You can define the Radius Session Attribute that will be identified to uniquely identify Sessions. Please make sure that your NAD send all of these attributes on the accounting start and that they are identidical on all attempts for the same user. You may also try to use more permissive session keys, like only username for example.

More info here:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/access_policies.html#wp1163339

If that doesn't work, maybe you should open a TAC Case.

Regards,
Bastien

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents