04-09-2019 12:20 PM - edited 04-09-2019 12:22 PM
I'd like to create periodic updates from my 2960x 15.2(2)E7 device to my Cisco ISE server. I am wondering if the global level command needs to work in conjunction with some interface level commands and if so what. My desired end goal is to be able to send periodic accounting packets to the Server without interface level configuration needing to be applied.
aaa accounting update periodic 5
switchport mode access
switchport access vlan X
Will the device ever send an interim packet to the server if all other configuration regarding that process is configured correctly. I have a need to put images on brand new computers over the network without authenticating the MACs of those devices first. I have to strip dot1x off of these "imaging ports" to make this possible but I'd still like the server to get some information about these devices so that said information is available when/if I decide to tell the server that the device in question may access the network through a dot1x enabled port.
Bonus: This ability would give my server the ability to see information about devices connected to non dot1x ports on my network that I might not know about and thus would help me to secure the network by addressing those ports on a case by case basis.
Am I dreaming or is this possible?
Solved! Go to Solution.
04-09-2019 02:57 PM
04-09-2019 02:11 PM
You don't need an interface-level command. The global one is fine.
04-09-2019 02:57 PM
06-17-2019 10:50 AM
hi @Damien Miller ,
Is there any document about this matter which states that ISE accounting behavior stores in in 5 days. I think 5 days is so long, can we change it like a day? Thanks
10-08-2019 02:29 AM
Hi Damien Miller,
Do we have any document reference saying that ISE - keep session for 5 days
10-08-2019 10:08 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: