Cisco Aironet 1310 and ACS 5.6

Started by nver, December 13, 2016, 12:03:42 AM


nver

Hello masters,
I need help. I have configured a Cisco Aironet 1310 with 802.1x authentication within ACS 5.6. Everything works well, except that the max session limit on the user is not working correctly: the ACS does not understand that the user is logged in on the Aironet and permits the user to connect again.

deanwebb

Hello nver and welcome to the forums!

Tell us, what is acting as the user directory? Is it the ACS itself, or is it working with Active Directory?
What is your max session limit set at?
What is the timeout for a disconnected user to be dropped from the MAC address list?
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

nver

Hi, thank you for the reply.

I use the ACS internal users. The max session limit is set to "1"; it works correctly for TACACS clients, but does not work for the RADIUS client. Maybe I need to configure RADIUS attributes in ACS? If yes, what attribute must I configure?

Thank you.

Netwörkheäd

Quote from: nver on December 15, 2016, 12:33:18 AM
Hi, thank you for the reply.

I use the ACS internal users. The max session limit is set to "1"; it works correctly for TACACS clients, but does not work for the RADIUS client. Maybe I need to configure RADIUS attributes in ACS? If yes, what attribute must I configure?

Thank you.
Don't know the exact setting, but if you look at the TACACS settings for session management, you can set the ones for RADIUS to be the same. No AD involved, so we don't need to troubleshoot that.
Let's not argue. Let's network!

nver


deanwebb

I go here: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-6/user/guide/acsuserguide/access_policies.html#77244

And I read this:
Note: To make the maximum sessions work for user access, the administrator should configure RADIUS accounting.

Note: To make the maximum sessions work for device management, the administrator should configure TACACS+ session authorization and accounting.


So, are you doing user or device management, and do you have the correct configuration (RADIUS accounting or TACACS+ auth. and acct.)?
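Why the note quoted above ties the max-session limit to RADIUS accounting, as an added example that is not part of the thread and not ACS code: a simplified model in which the server only learns of open sessions from Accounting-Request Start/Stop records. The class, function and user names are hypothetical, and the event streams are constructed.

```python
# Simplified model (an assumption, not ACS code): the AAA server only learns
# that a session exists from RADIUS Accounting-Request Start/Stop records.
from collections import defaultdict


class MaxSessionPolicy:
    def __init__(self, limit):
        self.limit = limit
        self.active = defaultdict(set)  # user -> set of open Acct-Session-Id

    def access_request(self, user):
        """Authentication step: reject once the user is at the session limit."""
        if len(self.active[user]) >= self.limit:
            return "Access-Reject"
        return "Access-Accept"

    def accounting_request(self, user, status_type, session_id):
        """Accounting step: Start opens a session, Stop closes it."""
        if status_type == "Start":
            self.active[user].add(session_id)  # a set ignores retransmits
        elif status_type == "Stop":
            self.active[user].discard(session_id)
        return "Accounting-Response"


def replay(events, limit=1):
    """Feed constructed NAS events to the policy; return Access-Request verdicts."""
    policy = MaxSessionPolicy(limit)
    verdicts = []
    for event in events:
        if event[0] == "auth":
            verdicts.append(policy.access_request(event[1]))
        else:
            policy.accounting_request(*event[1:])
    return verdicts


# Constructed event streams: the same user authenticating repeatedly.
NO_ACCOUNTING = [("auth", "alice"), ("auth", "alice")]
WITH_ACCOUNTING = [
    ("auth", "alice"), ("acct", "alice", "Start", "s1"),
    ("acct", "alice", "Start", "s1"),   # retransmitted Start, counted once
    ("auth", "alice"),                  # second login while s1 is open
    ("acct", "alice", "Stop", "s1"),
    ("auth", "alice"),                  # login after s1 has closed
]

if __name__ == "__main__":
    print("accounting off:", replay(NO_ACCOUNTING))
    print("accounting on: ", replay(WITH_ACCOUNTING))
```

With no accounting records the counter never moves, so every Access-Request is accepted, which matches the symptom described in the first post.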