04-25-2019 11:00 PM
HI Team,
I have a query regarding ISE or simple TACACS connection termination process. there are three scenarios, either the user abort/exit the connection by typing the command on NAD to terminate the connection OR leaves the connection idle for time being or close the NAD access terminal without terminating the connection using exit/quit command.
What process is followed to terminate the connection in 2nd and 3rd scenario. any default timeout value is set on NAD devices or ISE terminates the connection after specific timeout.
Tried to find out the exact information on many blogs/pages/rfc. any helpful link or info will be much appreciated.
04-26-2019 06:21 AM
Hi Team,
any input please.
04-28-2019 02:46 PM
If this is an IOS device, then the default behaviour is the exec session timeout under the vty section
e.g. example below will kick user out after 20 minutes. This is regardless of whether the user connected via TACACS or not.
You can probably override that with an AVPair but I haven't a clue (never done it myself).
The behaviour might be different on every vendor kit (even on a Cisco WLC for example)
line vty 0 4 exec-timeout 20 0 privilege level 15 logging synchronous transport input ssh transport output ssh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: