Cisco ISE during reload will send disconnect message

anilkumar.cisco
Level 4

Hello Team,

We have planned a downtime and need to reload a standalone ISE, version 2.7.2.

Just want to understand: will any live RADIUS connections drop during this time?

We have some AnyConnect clients connected to the network via RADIUS.

Please advise.


balaji.bandi
Hall of Fame

Existing VPN connections stay as they are (depends on config); new connections will not get through, since ISE is in a down state.

If this ISE is acting as device management, you will not be able to log in to any device using RADIUS, but if you have a fallback account to Local then you can use it to log in to end devices like routers and switches.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I am more bothered about the existing AnyConnect connections.

What configuration are you expecting me to do so that existing AnyConnect users will remain connected?

I mean, once VPN clients connect, they stay as expected; sometimes idle time will disconnect the user, and some setups automatically reconnect.

In this situation user authentication fails, since ISE is offline.

Hope this makes sense?

BB


Mike.Cifelli
VIP Alumni

Just want to understand: will any live RADIUS connections drop during this time?

-No. I assume you authorize clients to the network, and within the authz profiles or interface configs you have reauth timers deployed. As long as clients are not attempting to auth to the network during the downtime there will be no impact on clients already connected to the network. If possible I would suggest deploying additional ISE nodes as it aids with availability/load. HTH!

rschlayer
Level 4

All currently authenticated devices will stay authenticated until they hit the reauthentication timer or get logged off because of idle timeout.

While ISE reboots no new authentications can be made.
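
A planning aid for the point made in the replies above, added here as an example that is not part of the thread or any Cisco tooling: given each session's start time and reauthentication timer, it lists the sessions whose reauthentication would fall inside the maintenance window. The function names, the session list and the window are constructed for illustration; it assumes the timer fires at fixed periods counted from session start and does not model idle timeouts.

```python
from datetime import datetime, timedelta
from math import ceil

def reauth_in_window(session_start, reauth_seconds, down_start, down_end):
    """First periodic reauthentication instant inside [down_start, down_end),
    or None if the session rides through the outage untouched.
    Assumption: the timer fires at fixed periods counted from session start."""
    if not reauth_seconds or reauth_seconds <= 0:
        return None  # no reauthentication timer applied to this session
    if session_start >= down_end:
        return None  # session began after the window
    # Smallest k >= 1 such that session_start + k * period >= down_start
    elapsed = (down_start - session_start).total_seconds()
    k = max(1, ceil(elapsed / reauth_seconds))
    due = session_start + timedelta(seconds=k * reauth_seconds)
    return due if due < down_end else None

def at_risk(sessions, down_start, down_end):
    """Sessions whose next reauthentication would hit the offline server."""
    hits = []
    for user, start, timer in sessions:
        due = reauth_in_window(start, timer, down_start, down_end)
        if due is not None:
            hits.append((user, due))
    return hits

# Constructed sample data: (user, session start, reauth timer in seconds)
SESSIONS = [
    ("alice", datetime(2024, 1, 10, 8, 0), 28800),   # 8 h timer
    ("bob",   datetime(2024, 1, 10, 14, 30), 3600),  # 1 h timer
    ("carol", datetime(2024, 1, 10, 21, 15), 0),     # no timer
    ("dave",  datetime(2024, 1, 10, 10, 0), 43200),  # 12 h timer
]
DOWN_START = datetime(2024, 1, 10, 22, 0)  # constructed maintenance window
DOWN_END = datetime(2024, 1, 10, 23, 0)

if __name__ == "__main__":
    for user, due in at_risk(SESSIONS, DOWN_START, DOWN_END):
        print(f"{user}: reauthentication due {due:%H:%M} while ISE is offline")
```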