Support User Manuals

Cisco Systems OL-24201-01 Camera Accessories User Manual

Open as PDF

of 650

10-53

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01

Chapter 10 Managing Access Policies

Maximum User Sessions

Related topics

• Maximum User Sessions, page 10-50

• Max Session User Settings, page 10-51

• Max Session Group Settings, page 10-51

• Purging User Sessions, page 10-53

• Maximum User Session in Distributed Environment, page 10-54

• Maximum User Session in Proxy Scenario, page 10-55

Purging User Sessions

You can use the Purge option only when users are listed as Logged-in but connection to the AAA client

has been lost and the users are no longer actually logged in.

Purging will not log off the user from the AAA client, however it will decrease the session count by one.

While the count is zero, any interim updates or STOP packet that arrives from the device will be

discarded. Due to this purging, if a user logged in with the same user name and password in another AAA

client, this session will not be affected.

Note A fake accounting stop is sent irrespective of the session count value.

To purge the User session:

Step 1 Go to System Administration > Users > Purge User Sessions.

Table 10-31 Max User Session Global Settings Page

Option Description

RADIUS Session Key Assignment

Available Session Keys RADIUS sessions keys available for assignation.

Note To use the RADIUS Acct-Session-Id (attribute #44) in the RADIUS session key,

the admin should configure the Acct-Session-Id to be sent in the access request:

Router(config)# radius-server attribute 44 include-in-access-req

Assigned Session Keys RADIUS session key assigned. The default session keys for RADIUS are:

UserName:NAS-Identifier:NAS-Port:Calling-Station-ID

TACACS+ Session Key Assignment

Available Session Keys TACACS+ sessions keys available for assignation.

Assigned Session Keys TACACS+ session key assigned. The default session keys for TACACS+ are:

User:NAS-Address:Port:Remote-Address

Max User Session Timeout Settings

Unlimited Session Timeout No timeout.

Max User Session Timeout Once the session timeout is reached, ACS sends a fake STOP packet to close the respective

session and update the session count.

Note The user is not enforced to logout in the device.

previous next