Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3967
Views
5
Helpful
4
Replies

After Insert "Access session closed", necessary to "shut no shut" the interface?

getaway51
Level 2
Level 2

‎10-30-2019 09:08 AM

Hi,

 

Currently the port is running on monitor mode with " no access-session closed"

I can see the endpoint in ISE.

I insert a new command " access-session closed"

Do i need to "shut and no shut" the interface? or will it re-authenticate? any difference in ISE logs, sessions or Context visibility when change of mode?

0 Helpful
4 Replies 4

howon
Cisco Employee
Cisco Employee

‎11-01-2019 07:51 AM

Best practice is to shut/no shut after the command as to clear any inconsistencies.

getaway51
Level 2
Level 2
In response to howon

‎11-01-2019 09:19 PM

Hi,

 

Previously when configuring monitor mode, already "shut and no shut" 

 

Now insert ""Access session closed"", need to do it again? 

 

0 Helpful

getaway51
Level 2
Level 2
In response to howon

‎11-06-2019 05:54 AM

Hi,

 

It is very strange, after i insert "access session closed", it seems tht everythign was blocked after i "shut, no shut" the port.

Is there any other settings need to change?

The MAC address was already under correct Identity group. Anything tht I missed out probably?

0 Helpful

hslai
Cisco Employee
Cisco Employee
In response to getaway51

‎11-09-2019 09:07 AM

If auth success in ISE and only blocked on the switch, likely the switch does not like some of the attributes sent down from ISE.

I would try simpler authz profile(s) if I were you.

0 Helpful
Customers Also Viewed These Support Documents