Cisco ISE - authentication periodic command

Nikhil Jadhav · ‎04-14-2020

Hello ISE folks,

I would like to have the actual definition of this command- "authentication periodic".

In Some Cisco guides, it is defined as it only enables automatic re-authentication.

But if we check the "HOW TO GUIDES", it states that this command enables automatic re-authentication and Inactivity timer as shown in attached screenshot below.

What is the actual significance of this command and how would we configure if we want to disable re-authentication and enable only Inactivity timer?

Mohammed al Baqari · ‎04-14-2020

Hi,

If you want to enable inactivity timer only, then use the command
'authentication timer inactivity'.

If you set the inactivity timer more than reauthentication timer (default
one hour), then effectively inactivity won't trigger because the client
will have activity every hour to reauthentication. If your reauthentication
timer is more than inactivity, it won't be used because the session is
killed before reauth.

But for sure inactivity timer and reuathentication timer are
different settings can be tuned separately. We will wait for someone from
Cisco to clarify the meaning of the statement in the guide.

**** please remember to rate useful posts

Nikhil Jadhav · ‎04-16-2020

Thank you for Responding Mohammed.

The How to Guide states that "authentication periodic" command enables re-authentication as well as inactivity timer, which infers that the command 'authentication timer inactivity' is dependent on 'authentication periodic' command.

Also, as per your response, there is always a default re-authentication timer present so how can we disable the default re-authentication?