Cisco Employee

Cisco ISE TACACS connection termination process

Hi Team,

I have a query regarding the ISE or simple TACACS connection termination process. There are three scenarios: either the user aborts/exits the connection by typing the command on the NAD to terminate the connection, OR leaves the connection idle for the time being, or closes the NAD access terminal without terminating the connection using the exit/quit command.

What process is followed to terminate the connection in the 2nd and 3rd scenarios? Is any default timeout value set on NAD devices, or does ISE terminate the connection after a specific timeout?

Tried to find the exact information on many blogs/pages/RFCs. Any helpful link or info will be much appreciated.

2 REPLIES
Cisco Employee

Re: Cisco ISE TACACS connection termination process

Hi Team,

 

Any input please.

VIP Advisor

Re: Cisco ISE TACACS connection termination process

If this is an IOS device, then the default behaviour is the exec session timeout under the vty section.

E.g. the example below will kick the user out after 20 minutes. This is regardless of whether the user connected via TACACS or not.

You can probably override that with an AVPair but I haven't a clue (never done it myself).

The behaviour might be different on every vendor's kit (even on a Cisco WLC, for example).

 

line vty 0 4
 exec-timeout 20 0
 privilege level 15
 logging synchronous
 transport input ssh
 transport output ssh
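
An added example, not part of the thread or any poster's code: a small audit script that reads an IOS-style configuration and reports the idle timeout that applies to each `line` stanza, flagging lines where `exec-timeout` is disabled or longer than a chosen limit. The function names, the 1200-second limit and the sample configuration are assumptions constructed for illustration.

```python
import re

IOS_DEFAULT_SECONDS = 600  # IOS default when a line has no exec-timeout (10 min)

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
line con 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 20 0
 privilege level 15
 transport input ssh
line vty 5 15
 transport input ssh
!
"""

def idle_timeouts(config):
    """Map each 'line ...' stanza to its idle timeout in seconds (0 = disabled)."""
    result, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            result[current] = IOS_DEFAULT_SECONDS
        elif current and raw.startswith(" "):
            text = raw.strip()
            if text == "no exec-timeout":
                result[current] = 0
                continue
            m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", text)
            if m:  # exec-timeout <minutes> [seconds]
                result[current] = int(m.group(1)) * 60 + int(m.group(2) or 0)
        else:
            current = None  # any unindented line ends the stanza
    return result

def findings(config, max_seconds=1200):
    """Return (line, reason) pairs; max_seconds is an assumed policy limit."""
    out = []
    for line, secs in idle_timeouts(config).items():
        if secs == 0:
            out.append((line, "idle timeout disabled"))
        elif secs > max_seconds:
            out.append((line, f"idle timeout {secs}s exceeds {max_seconds}s"))
    return out

if __name__ == "__main__":
    for line, reason in findings(SAMPLE_CONFIG):
        print(f"{line}: {reason}")
```

The `line vty 5 15` stanza in the sample has no `exec-timeout` statement, so the script reports the IOS default for it rather than treating it as unlimited.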