Showing results for 
Search instead for 
Did you mean: 

Limit the sessions of authentication

Level 1
Level 1

Hi my name is Ivan

I have a wireless network working with 3 profiles of users:

Profile 1: Corp with 802.1x peap maschap v2

Profile 2: Alm with Web Authentication are validating credentials from a ACS 5.3 and AD 2008 R2

Profile 3: Guest with Web Authentication validating credential from the Cisco Lobby Ambassdor.

My customer need limit the amount of sessions to the authentication, for example:

One user  of any Profile (Corp, Alm, Guest) just must authenticate to the network wireless using only twice their credentials, from any device

My customer doesn't need authenticate the device (By MAB, or another method).

Is possible to do it in the WLC or perhaps in the ACS 5.3?. Or perhaps in only two Profiles, or only one?.

Please could you give me an advice to do it?

Thanks for your answers.


3 Replies 3

Scott Fella
Hall of Fame
Hall of Fame

Well the issue is that you have multiple sources where the credentials are located. You have an option on the WLC to limit the max login but that is only good for that WLC. If you have multiple WLC's , that wouldn't work so well if they connect to another ap on a different WLC. Bringing authentication to a single source like ISE you would be able to do that, but I think it's on the next release that it will be available.

Sent from Cisco Technical Support iPhone App

*** Please rate helpful posts ***

Ravi Singh
Level 7
Level 7

There is command on WLC "max-login-ignore-identity-response" which limit the number of devices but as Scott said if you are using more than one WLC then it will not work. You have to deploy ISE 1.2 which is going to be release in the last week of this month. With the help of this you can achieve your goal.

Hi Scott And Ravi, thanks for your answers

I have one wlc and 3 ssid. Im going to try to do all your advice, to limit the amount of sessions of the authentication.



Review Cisco Networking for a $25 gift card