Showing results for 
Search instead for 
Did you mean: 

Active Endpoint Counter



we are deploying a new PoC enviroment and we are running in a strange problem. It seems that counter for the active endpoints is not incrementing.


3 nodes of ISE in PAN failover running version 2.2 and an external web server with the scope to create guest user using API integration.

When the guest user is authenticated from guest DB on ISE, we are able to see the authentication session on ISE from "Operation --> Radius --> Live Logs and Live Session", but under "Context Visibility -- Endpoints -- Authentication" all endpoints are in disconnected or null status.

I can also see that the session status in Live session tab is always setted in "Started" or "Terminated" value.

Is anybody experiencing the same our problem? Is status session correct or we should have different value?

Best Regards

Andrea Tornaghi

1 Accepted Solution

Accepted Solutions

Chyps, you answer is correct. The problem was on WLC side. I enabled the RADIUS Server Accounting Interim update and everything is working fine.

View solution in original post

8 Replies 8

Cisco Employee
Cisco Employee

RADIUS Accounting is how ISE tracks the sessions and performs licensing counts.

I suspect that you are not sending RADIUS Accounting information from your NADs to ISE.

    aaa accounting dot1x default start-stop group ISE-Group

Please see our How To: Universal IOS Switch Config for ISE under ISE Design & Integration Guides for the full details about how to configure AAA Accounting on a switch with ISE.

IF it persists, verify you are using a validated version of NAD software from the Cisco Identity Services Engine Network Component Compatibility, Release 2.2 - Cisco

if, on ISE, I go in Operations -- Reports -- Endpoint and Users -- RADIUS Accounting I am able to see some logs from Accounting process (you can find an example below).

My NAD is WLC 5508 running version 8.2.130, and on SSID I have configured as accounting servers all PSN nodes in the same order of authentication servers.

I checked also that Accounting is enabled in Logging Categories List and it is collecting logs from LogCollector and LogCollector2.


11004  Received RADIUS Accounting-Request

11017 RADIUS created a new session

15049 Evaluating Policy Group

15008 Evaluating Service Selection Policy

15004  Matched rule

22083 User/group session counters incremented on accounting start

11005 Returned RADIUS Accounting-Response

Be sure to enable the RADIUS Server Accounting > Interim Update checkbox but set Interim Interval to 0.

Chyps, you answer is correct. The problem was on WLC side. I enabled the RADIUS Server Accounting Interim update and everything is working fine.

Craig doesn’t need to be told when he is right…it’s just assumed .

Hello Gents, 


Got exactly the same problem.

My WLC is 8.0.152 and there is no indication for RADIUS>Accounting there will be any Interim Update checkbox. Might my firmware to old, what do you think ?








The interim accounting setting is under each WLAN. Go to WLAN -> Select WLAN and edit -> Security -> AAA Servers.

Hi Thomas,


can this command be used with Tacacs+ instead of Radius as well?


  aaa accounting dot1x default start-stop group TACACS-Server-GROUP


Thank you


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: