Networking-Forums.com

Professional Discussions => Security => Topic started by: nver on December 13, 2016, 12:03:42 AM

Title: Cisco Aironet 1310 and ACS 5.6
Post by: nver on December 13, 2016, 12:03:42 AM
Hello masters,
I need help. I have configured a Cisco Aironet 1310 with 802.1X authentication within ACS 5.6. Everything works well, except the max session limit on the user is not working correctly: the ACS does not understand that the user is logged in on the Aironet and permits the user to connect again.
Title: Re: Cisco Aironet 1310 and ACS 5.6
Post by: deanwebb on December 13, 2016, 09:00:19 AM
Hello nver and welcome to the forums!

Tell us, what is acting as the user directory? Is it the ACS itself, or is it working with Active Directory?
What is your max session limit set at?
What is the timeout for a disconnected user to be dropped from the MAC address list?
Title: Re: Cisco Aironet 1310 and ACS 5.6
Post by: nver on December 15, 2016, 12:33:18 AM
Hi, thank you for the reply.

I use the ACS internal users. The max session limit is set to "1"; it works correctly for TACACS clients, but does not work for the RADIUS client. Maybe I should configure RADIUS attributes in ACS? If yes, which attribute must I configure?

Thank you.
Title: Re: Cisco Aironet 1310 and ACS 5.6
Post by: Netwörkheäd on December 15, 2016, 07:46:30 AM
Quote from: nver on December 15, 2016, 12:33:18 AM
Hi, thank you for the reply.

I use the ACS internal users. The max session limit is set to "1"; it works correctly for TACACS clients, but does not work for the RADIUS client. Maybe I should configure RADIUS attributes in ACS? If yes, which attribute must I configure?

Thank you.
Don't know the exact setting, but if you look at the TACACS settings for session management, you can set the ones for RADIUS to be the same. No AD involved, so we don't need to troubleshoot that.
Title: Re: Cisco Aironet 1310 and ACS 5.6
Post by: nver on December 16, 2016, 01:55:46 AM
Thank you, but I can't find anything.
Title: Re: Cisco Aironet 1310 and ACS 5.6
Post by: deanwebb on December 16, 2016, 09:11:50 AM
I go here: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-6/user/guide/acsuserguide/access_policies.html#77244

And I read this:
Note: To make the maximum sessions work for user access, the administrator should configure RADIUS accounting.

Note: To make the maximum sessions work for device management, the administrator should configure TACACS+ session authorization and accounting.

So, are you doing user or device management, and do you have the correct configuration (RADIUS accounting or TACACS+ auth. and acct.)?
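
Why the user-access limit depends on RADIUS accounting, as an added illustration that is not part of the thread and not ACS's own implementation: a simplified model in which the server learns about active sessions only from Accounting-Request Start/Stop records (attribute names from RFC 2866). The class, function names and sample events are assumptions constructed for this example.

```python
from collections import defaultdict


class SessionLimiter:
    """Simplified model of a per-user max-session check fed by accounting."""

    def __init__(self, max_sessions=1):
        self.max_sessions = max_sessions
        self.active = defaultdict(set)  # User-Name -> set of Acct-Session-Id

    def on_accounting(self, record):
        """Update the session table from one Accounting-Request."""
        sessions = self.active[record["User-Name"]]
        status = record["Acct-Status-Type"]
        if status in ("Start", "Interim-Update"):
            sessions.add(record["Acct-Session-Id"])
        elif status == "Stop":
            sessions.discard(record["Acct-Session-Id"])

    def on_access_request(self, user):
        """Decide a new login using only the sessions accounting reported."""
        if len(self.active[user]) >= self.max_sessions:
            return "Access-Reject"
        return "Access-Accept"


def replay(events, max_sessions=1):
    """Feed (kind, payload) events in order; return the auth decisions."""
    limiter = SessionLimiter(max_sessions)
    decisions = []
    for kind, payload in events:
        if kind == "auth":
            decisions.append(limiter.on_access_request(payload))
        else:
            limiter.on_accounting(payload)
    return decisions


def acct(status, session_id, user="alice"):
    return ("acct", {"User-Name": user, "Acct-Session-Id": session_id,
                     "Acct-Status-Type": status})


# Constructed sample: the same user logs in, tries again, logs out, retries.
WITH_ACCOUNTING = [("auth", "alice"), acct("Start", "0001"),
                   ("auth", "alice"), acct("Stop", "0001"),
                   ("auth", "alice")]
# Same logins, but the access point never sends accounting records.
NO_ACCOUNTING = [e for e in WITH_ACCOUNTING if e[0] == "auth"]

if __name__ == "__main__":
    print("with accounting:", replay(WITH_ACCOUNTING))
    print("no accounting:  ", replay(NO_ACCOUNTING))
```

Without accounting records the session table stays empty, so every login is accepted regardless of the configured limit.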