Chapter 1 Overview
AAA Server Functions and Concepts
User Guide for Cisco Secure ACS for Windows Server
This section contains the following topics:
• MaxSessions Issues, page A-16
• Dynamic Usage Quotas, page 1-18
• Shared Profile Components, page 1-19
• Support for Cisco Device-Management Applications, page 1-19
• Other Authorization-Related Features, page 1-21
Max Sessions
Max Sessions is a useful feature for organizations that need to limit the number
of concurrent sessions available to either a user or a group:
• User Max Sessions—For example, an Internet service provider can limit
each account holder to a single session.
• Group Max Sessions—For example, an enterprise administrator can allow
the remote access infrastructure to be shared equally among several
departments and limit the maximum number of concurrent sessions for all
users in any one department.
In addition to enabling simple User and Group Max Sessions control,
Cisco Secure ACS enables the administrator to specify a Group Max Sessions
value and a group-based User Max Sessions value; that is, a User Max Sessions
value based on the group membership of the user. For example, an administrator
can allocate a Group Max Sessions value of 50 to the group “Sales” and also limit
each member of the “Sales” group to 5 sessions each. This way no single member
of a group account would be able to use more than 5 sessions at any one time, but
the group could still have up to 50 active sessions.
For more information about the Max Sessions feature, see Setting Max Sessions
for a User Group, page 6-12 and Setting Max Sessions Options for a User,
page 7-16.
Dynamic Usage Quotas
Cisco Secure ACS enables you to define network usage quotas for users. Using
quotas, you can limit the network access of each user in a group or of individual
users. You define quotas by duration of sessions or the total number of sessions.