Cisco Aironet 1850 Mobility Express user ID access limit per device

arif.ropie · ‎08-18-2020

Dear all,

Currently I used Aironet 1850 as master wlc using Mobility Express, (firmware 8.10.121.0). We are running on global password right now but plan to change it into unique ID per user via authentication via Active Directory, the configuration is success thanks to the forum, but my question is on how to set 1 ID for only 1 or 2 devices? because i already search in mobility express web based and found nothing about this. Below i attached together with screenshot about this, the plan is to set 1 ID can only be access with 1 device only. Hope our expert can help me to solve this issue, really appreciate that.

regards

Ara

Sandeep Choudhary · ‎08-19-2020

you can try this command:

(Cisco Controller) >config netuser maxUserLogin 1 or 2

Regards

Dont forget to rate helpful posts

Rich R · ‎08-20-2020

Documentation suggests maxUserLogin only applies to local users so I suspect won't work for AD users but worth a try anyway:
User Login Policies
The user login policies are provided to limit the number of concurrent logins of the local netusers of the controller. You
can limit the number of concurrent logins, and it is recommended to configure a value greater than default of 0 (unlimited
login).
To verify the limit of the netusers:
(Cisco Controller) >show netuser summary
Maximum logins allowed for a given user name..... Unlimited
To configure user login policies:
(Cisco Controller) >config netuser maxuserlogin 5

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

arif.ropie · ‎08-20-2020

Thanks @Sandeep Choudhary and @Rich R for your reply, but may I know is the command will implement to all SSID? because if it implement to all SSID i will have big trouble because our Guest SSID used few ID which given by receptionist to our guest, it use 1 ID with multiple login. I plan to implement this only for Staff WLAN which this SSID authenticate with AD, only guest used single ID for multiple.

I have create new SSID for testing purpose, plan to use this test WLAN to try and error before implement with the official WLAN, but the command given by both of you seems like will implement to all SSID. Correct me if im wrong. Thanks

Please advise and thank you, really appreciate that.

ara

Sandeep Choudhary · ‎08-20-2020

Yes, it is global for all users and all SSIDs

Regards

Dont forget to rate helpful posts