10-54
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter10 Managing Access Policies
Maximum User Sessions
Related topics
Maximum User Sessions, page 10-51
Max Session User Settings, page 10-52
Max Session Group Settings, page 10-52
Purging User Sessions, page10-54
Maximum User Session in Distributed Environment, page 10-55
Maximum User Session in Proxy Scenario, page 10-56
Purging User Sessions
You can use the Purge option only when users are listed as Logged-in but connection to the AAA client
has been lost and the users are no longer actually logged in.
Purging will not log off the user from the AAA client, however it will decrease the session count by one.
While the count is zero, any interim updates or STOP packet that arrives from the device will be
discarded. Due to this purging, if a user logged in with the same user name and password in another AAA
client, this session will not be affected.
Note A fake accounting stop is sent irrespective of the session count value.
To purge the User session:
Step1 Go to System Administration > Users > Purge User Sessions.
Table10-31 Max User Session Global Settings Page
Option Description
RADIUS Session Key Assignment
Available Session Keys RADIUS sessions keys available for assignation.
Note To use the RADIUS Acct-Session-Id (attribute #44) in the RADIUS session key,
the admin should configure the Acct-Session-Id to be sent in the acc ess request:
Router(config)# radius-server attribute 44 include-in-access-req
Assigned Session Keys RADIUS session key a ssigned. The default session keys for RADIUS are:
UserName:NAS-Identifier:NAS-Port:Calling-Station-ID
TACACS+ Session Key Assignment
Available Session Keys TACACS+ sessions keys available for assignation.
Assigned Session Keys TACACS+ session key assigned. The default session keys for TACACS+ are:
User:NAS-Address:Port:Remote-Address
Max User Session Timeout Settings
Unlimited Session Timeout No timeout.
Max User Session Timeout Once the session timeout is reached, ACS sends a fake STOP packet to close the respective
session and update the session count.
Note The user is not enforced to logout in the device.