Chapter 10 Managing Access Policies

Maximum User Sessions

Network Device Access EAP-FAST Settings Page

Use this page to configure parameters for the EAP-FAST protocol that the NDAC policy uses.

To display this page, choose Access Policies > Security Group Access Control > Network Device

Access.

Table 10-29 Network Device Access EAP-FAST Settings Page

Option

Description

EAP-FAST Settings

Tunnel PAC Time To Live

Time to live (TTL), or duration, of a PAC before it expires and requires replacing.

 

 

Proactive PAC Update When %

Percentage of PAC TTL remaining when you should update the PAC.

of PAC TTL is Left

 

 

 

Related Topics:

Configuring an NDAC Policy, page 4-25

Configuring EAP-FAST Settings for Security Group Access, page 4-26

NDAC Policy Page, page 10-47

Maximum User Sessions

For optimal performance, you can limit the number of concurrent users accessing the network resources. ACS 5.3 imposes limits on the number of concurrent service sessions per user.

The limits are set in several different ways. You can set the limits at user level or at group level. Depending upon the maximum user session configurations, the session count is applied on the user.

Note To make the maximum sessions work for the user access, the administrator should configure the RADIUS accounting.

Note To make the maximum sessions work for the device management, the administrator should configure the T+ session authorization and accounting.

This section contains the following topics:

Max Session User Settings, page 10-51

Max Session Group Settings, page 10-51

Max Session Global Setting, page 10-52

Purging User Sessions, page 10-53

Maximum User Session in Distributed Environment, page 10-54

Maximum User Session in Proxy Scenario, page 10-55

 

User Guide for Cisco Secure Access Control System 5.3

10-50

OL-24201-01

Page 314
Image 314
Cisco Systems OL-24201-01 manual Maximum User Sessions, Network Device Access EAP-FAST Settings, 10-50