Chapter 10 Managing Access Policies

Maximum User Sessions

Table 10-30 Max User Session Global Settings Page

Option: Description

General

Name: Name of the Identity Group.

Description: Description of the Identity Group.

Max Session Group Settings

Unlimited Session: Check this check box if you want to provide unlimited sessions to the group.

Max Session for Group: Specify a value for the maximum number of concurrent sessions permitted for the group.

Unlimited is selected by default. Group-level session limits are applied based on the hierarchy. For example:

The group hierarchy is America:US:West:CA and the maximum sessions are as follows:

America: 100 max sessions

US: 80 max sessions

West: 75 max sessions

CA: 50 max sessions

If the user belongs to America/US/West, ACS checks that the number of sessions does not exceed the limit specified for each of the groups America/US/West, America/US, and America. When you set the maximum session group setting of a user group to 100, the total count of all sessions established by all members of that group cannot exceed 100. Once the session is allowed, the Number of Active Sessions Availed counters for the three nodes are each increased by one. Child groups cannot have more sessions than the parent group.

Related topics

Maximum User Sessions

Max Session User Settings

Max Session Global Setting

Purging User Sessions

Maximum User Session in Distributed Environment

Maximum User Session in Proxy Scenario

Max Session Global Setting

You can assign session keys for RADIUS and TACACS+ requests. A session key is provided with a set of attributes for RADIUS and TACACS+. You can customize the session key attributes according to your environment. If you do not assign a session key, ACS uses the default session key values.

A session key is a unique key used to track user sessions. It helps ACS differentiate between a user re-authenticating to the same session and a user starting a new session. The session key attributes for a single session should be the same in the access request and in the accounting start packet, which helps ACS identify the session properly. When ACS re-authenticates the same session, the same key is retained.
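Added example (not from the Cisco guide and not ACS code): a small Python model of the group-level limit check in the America:US:West:CA example and of the session key behaviour described above, where a known key is a re-authentication and not a new session. The class, function names and session key strings are assumptions made for illustration; the limits are the ones from the example.

```python
# Added illustration of the documented behaviour; not Cisco ACS code.
# Limits are the ones from the America:US:West:CA example; None means unlimited.
LIMITS = {
    "America": 100,
    "America:US": 80,
    "America:US:West": 75,
    "America:US:West:CA": 50,
}

def chain(group):
    """Return the group followed by each of its parents, deepest first."""
    parts = group.split(":")
    return [":".join(parts[:i]) for i in range(len(parts), 0, -1)]

def limit_violations(limits):
    """List (child, parent) pairs where the child limit exceeds the parent's."""
    bad = []
    for group, limit in limits.items():
        for parent in chain(group)[1:]:
            cap = limits.get(parent)
            if cap is not None and limit is not None and limit > cap:
                bad.append((group, parent))
    return bad

class SessionTracker:
    """Hypothetical tracker: per-group counters plus known session keys."""

    def __init__(self, limits):
        self.limits = limits
        self.active = {}    # group -> active-session counter
        self.sessions = {}  # session key -> group of the session's user

    def authorize(self, session_key, group):
        """Return True if the request is allowed under every group limit."""
        # A key already being tracked is a re-authentication of the same
        # session, so it is allowed without consuming another slot.
        if session_key in self.sessions:
            return True
        nodes = chain(group)
        for node in nodes:
            cap = self.limits.get(node)
            if cap is not None and self.active.get(node, 0) >= cap:
                return False  # this level of the hierarchy is already full
        for node in nodes:  # allowed: increase the counter of every node
            self.active[node] = self.active.get(node, 0) + 1
        self.sessions[session_key] = group
        return True
```

Because every allowed session counts against each parent, 50 sessions in CA leave only 25 for the rest of West, even though West's own limit is 75.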

To configure the global settings for maximum user session, choose System Administrator > Users > Max User Session Global Settings.

User Guide for Cisco Secure Access Control System 5.3


OL-24201-01
