Preview Tool

Cisco Bug: CSCsz63512 - Max Session option under user role removes older sessions in other roles

Last Modified

Feb 23, 2016

Products (1)

  • Cisco NAC Appliance (Clean Access)

Known Affected Releases


Description (partial)

When applying a Max Session limit to a user role, it will encompass all authentications by a user - it does not take user role into consideration.

ie: If a user logs in from one vlan and gets mapped to "role1" that has unlimited sessions, then logs in on another PC on another vlan and gets mapped into "role2" (which has a session limit of 1) CCA will ask the user to remove the oldest session.

Logic is based on the last user role the user logs into, instead of on a per session basis.

Observed in the latest 4.1 and 4.5 codes.
Max Sessions has to be set to something other than unlimited under a user role.
User has to have an active session in another role, then log into the restricted role
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.