collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: ISE authenitacation  (Read 11733 times)

Offline danimax

  • Cisco Newbie
  • *
  • Posts: 1
  • Reputation: 0
  • Certification: CCNP
ISE authenitacation
« on: February 06, 2014, 01:26:35 AM »
Hello Forum.

I have a problem with authentication on ISE. We don't want a scenario whereby a credential can be used more than once to authenticate with ISE.

For example.
User A authenticate with ISE with usename : danimax.
Username "danimax credential" should not be used by any other person while user A is still Online.

We want 1 credential for 1 person.

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: ISE authenitacation
« Reply #1 on: February 07, 2014, 12:21:29 AM »
For local and AD user, I do not believe there is a way to do that. For guest, you can limit one session per guest user but the subsequent login will disconnect the previous user which still is not what you are looking for. See below for an excerpt from the SIE 1.2 user guide.
 
Restricting Guests to One Active Network Session

You can restrict guests to having only one device connected to the network at a time. When guests attempt to connect with a second device, the currently-connected device is automatically disconnected from the network.
This is a global setting affecting all Guest portals.
Step 1   Choose Administration > Web Portal Management > Settings > Guest > Portal Policy.
Step 2   Check the Allow only one guest session per user option.
Step 3   Click Save.

Offline adecisco

  • Cisco Newbie
  • *
  • Posts: 96
  • Reputation: 10
  • Discovering new solution is sweet!
    • http://adeolaade.blogspot.com/
  • Certification: N/A
Re: ISE authenitacation
« Reply #2 on: February 07, 2014, 05:49:20 AM »
As MC has noted as at ISE 1.2 for AD credential is not possible except we find a way of hacking it but I have try that. But guest service can limit session.

I think this feature is doable if cisco want to go for it.

Dan we have already talk over this.
Technology makes life easy but I hope the same technology will not send man back to stone age!

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: ISE authenitacation
« Reply #3 on: February 07, 2014, 11:19:00 PM »
Since ISE already have all the active session and user information, you would think it shouldn't be difficult to block subsequent login based on number of current session. Hopefully Cisco comes out with this in the future release.

 

SimplePortal 2.3.7 © 2008-2024, SimplePortal