Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1115
Views
0
Helpful
3
Replies

Alarm for load on PSN for concurrent authentication sessions

Go to solution
umahar
Cisco Employee
Cisco Employee

‎08-24-2016 12:41 AM

We need to find a way to generate alarm if a  PSN reached its threshold maximum concurrent sessions of 20K.

Does MAX_AUTH_ATTEMPTS below corresponds to concurrency in a PSN or it is an average over 10 or 15 minutes ?

Would like to hear how people are monitoring their PSNs for thresholds in terms of concurrent authentication sessions

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hariholla
Cisco Employee
Cisco Employee
In response to utkarshsingh

‎08-25-2016 02:33 PM

1. Is Active Sessions Counter API also available in ISE 1.4 ? I was going through the SDK today but could not find anything it.

- As per the guide, 1.4 supports this API: Cisco Identity Services Engine API Reference Guide, Release 1.4 - Introduction to the Monitoring REST APIs [Cisco Identi…

2. Using the above API call can we get active sessions per PSN or it gives the total active sessions in a cluster ?

- This can't be done per PSN, from the MnT node for ISE deployment:

session counter API calls let you quickly gather a current count of session-related information on a target Cisco Monitoring ISE node in your Cisco ISE deployment

View solution in original post

0 Helpful
3 Replies 3

Go to solution
hariholla
Cisco Employee
Cisco Employee

‎08-24-2016 11:54 AM

Excessive Authentication Attempts is the total number of authentications that are authenticated in last 15 minutes. However the 20K session limit on the PSN considers the entries in session database (Operations > RADIUS Live Sessions), which is not configurable via Alarm Settings AFAIK.

The other option may be is to use the ISE REST API call 'active sessions counter' that can provide for a count of active sessions on ISE, which can be compared to a set threshold on an external server:

Active Sessions Counter

You can use the ActiveCount API call to retrieve a count of all currently active sessions.

Cisco Identity Services Engine API Reference Guide, Release 2.1 - Using API calls for Session Management [Cisco Identity…

0 Helpful

Go to solution
utkarshsingh
Level 1
Level 1
In response to hariholla

‎08-25-2016 03:37 AM

Thanks for the response.

1. Is Active Sessions Counter API also available in ISE 1.4 ? I was going through the SDK today but could not find anything it.

2. Using the above API call can we get active sessions per PSN or it gives the total active sessions in a cluster ?

0 Helpful

Go to solution
hariholla
Cisco Employee
Cisco Employee
In response to utkarshsingh

‎08-25-2016 02:33 PM

1. Is Active Sessions Counter API also available in ISE 1.4 ? I was going through the SDK today but could not find anything it.

- As per the guide, 1.4 supports this API: Cisco Identity Services Engine API Reference Guide, Release 1.4 - Introduction to the Monitoring REST APIs [Cisco Identi…

2. Using the above API call can we get active sessions per PSN or it gives the total active sessions in a cluster ?

- This can't be done per PSN, from the MnT node for ISE deployment:

session counter API calls let you quickly gather a current count of session-related information on a target Cisco Monitoring ISE node in your Cisco ISE deployment

0 Helpful
Customers Also Viewed These Support Documents