Chapter 7 Setting Up and Managing User Accounts
Basic User Setup Options
7-18
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Setting User Usage Quotas Options
You can define usage quotas for individual users. You can limit users in one or
both of two ways:
•
By total duration of sessions for the period selected
•
By the total number of sessions for the period selected
For Cisco Secure ACS purposes, a session is considered any type of user
connection supported by RADIUS or , for example PPP, or Telnet, or
ARAP. Note, however, that accounting must be enabled on the AAA client for
Cisco Secure ACS to be aware of a session. If you make no selections in the
Session Quotas section for an individual user, Cisco Secure ACS applies the
session quotas of the group to which the user is assigned.
Note
If the User Usage Quotas feature does not appear, click Interface Configuration,
click Advanced Options, and then select the Usage Quotas check box.
Tip
The Current Usage table under the User Usage Quotas table on the User Setup
Edit page displays usage statistics for the current user. The Current Usage table
lists both online time and sessions used by the user, with columns for daily,
weekly, monthly, and total usage. The Current Usage table appears only on user
accounts that you have established; that is, it does not appear during initial user
setup.
For a user who has exceeded his quota, Cisco Secure ACS denies him access upon
his next attempt to start a session. If a quota is exceeded during a session,
Cisco Secure ACS allows the session to continue. If a user account has been
disabled because the user has exceeded usage quotas, the User Setup Edit page
displays a message stating that the account has been disabled for this reason.
You can reset the session quota counters on the User Setup page for a user. For
more information about resetting usage quota counters, see
Resetting User
Session Quota Counters, page 7-57
.
To support time-based quotas, we recommend enabling accounting update
packets on all AAA clients. If update packets are not enabled, the quota is updated
only when the user logs off. If the AAA client through which the user is accessing
your network fails, the quota is not updated. In the case of multiple sessions, such