Cisco Systems Servers Server User Manual


 
7-19
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 7 Setting Up and Managing User Accounts
Basic User Setup Options
Setting User Usage Quotas Options
You can define usage quotas for individual users. You can limit users in one or
both of two ways:
By total duration of sessions for the period selected
By the total number of sessions for the period selected
For Cisco Secure ACS purposes, a session is considered any type of user
connection supported by RADIUS or TACACS+, for example PPP, or Telnet, or
ARAP. Note, however, that accounting must be enabled on the AAA client for
Cisco Secure ACS to be aware of a session. If you make no selections in the
Session Quotas section for an individual user, Cisco Secure ACS applies the
session quotas of the group to which the user is assigned.
Note If the User Usage Quotas feature does not appear, click Interface
Configuration followed by Advanced Options. Then select the Usage
Quotas check box.
Tip The Current Usage table under the User Usage Quotas table on the User Setup
Edit page displays usage statistics for the current user. The Current Usage
table lists both online time and sessions used by the user, with columns for
daily, weekly, monthly, and total usage. The Current Usage table appears only
on user accounts that you have previously established; that is, it does not
appear during initial user setup.
For a user who has exceeded his quota, Cisco Secure ACS denies him access upon
his next attempt to start a session. If a quota is exceeded during a session,
Cisco Secure ACS allows the session to continue. If a users account has been
disabled because the user has exceeded usage quotas, the User Setup Edit page
displays a message stating that the account has been disabled for this reason.
You can reset the session quota counters on the User Setup page for a user. For
more information about resetting usage quota counters, see the Resetting User
Session Quota Counters section on page 7-55.
To support time-based quotas, we recommend enabling accounting update packets
on all AAA clients. If update packets are not enabled, the quota is updated only
when the user logs off. If the AAA client through which the user is accessing your