Setting user usage quotas options – Cisco 3.3 User Manual

Page 264

Advertising
background image

Chapter 7 User Management

Basic User Setup Options

7-18

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Setting User Usage Quotas Options

You can define usage quotas for individual users. You can limit users in one or
both of two ways:

By total duration of sessions for the period selected.

By the total number of sessions for the period selected.

For Cisco Secure ACS purposes, a session is considered any type of user
connection supported by RADIUS or TACACS+, for example PPP, or Telnet, or
ARAP. Note, however, that accounting must be enabled on the AAA client for
Cisco Secure ACS to be aware of a session. If you make no selections in the
Session Quotas section for an individual user, Cisco Secure ACS applies the
session quotas of the group to which the user is assigned.

Note

If the User Usage Quotas feature does not appear, click Interface Configuration,
click Advanced Options, and then select the Usage Quotas check box.

Tip

The Current Usage table under the User Usage Quotas table on the User Setup
Edit page displays usage statistics for the current user. The Current Usage table
lists both online time and sessions used by the user, with columns for daily,
weekly, monthly, and total usage. The Current Usage table appears only on user
accounts that you have established; that is, it does not appear during initial user
setup.

For a user who has exceeded his quota, Cisco Secure ACS denies him access upon
his next attempt to start a session. If a quota is exceeded during a session,
Cisco Secure ACS allows the session to continue. If a user account has been
disabled because the user has exceeded usage quotas, the User Setup Edit page
displays a message stating that the account has been disabled for this reason.

You can reset the session quota counters on the User Setup page for a user. For
more information about resetting usage quota counters, see

Resetting User

Session Quota Counters, page 7-58

.

To support time-based quotas, we recommend enabling accounting update packets
on all AAA clients. If update packets are not enabled, the quota is updated only
when the user logs off. If the AAA client through which the user is accessing your
network fails, the quota is not updated. In the case of multiple sessions, such as

Advertising
Popular Brands
Popular manuals