Documentation on License Return to ISE

jorreyno · ‎07-13-2018

Is there any thorough documentation on how a WLC or Meraki Controller determines when exactly to send a RADIUS Accounting Stop for a client session? I'm familiar with the concept but would like to know what buttons and knobs can be twisted to tune the timeouts on roaming sessions in a Meraki environment in particular.

hslai · ‎07-13-2018

AFAIK Meraki APs are treated as network devices in ISE individually. Thus, I would expect an endpoint roaming to a second AP will have its session tied to this second AP but no longer to the first AP, given that both APs are authenticating to the same ISE deployment.

If you need info how exactly it working on Cisco Meraki gears, please check out the help resources for Meraki, such as RADIUS Failover and Retry Details - Cisco Meraki and User Idle Timeout - The Meraki Community

jorreyno · ‎07-16-2018

Thanks Hsing-Tsu. Any thoughts on an old Cisco Live deck or otherwise that could describe the this process, from either the WLC side or the Meraki? I find myself describing RADIUS Accounting and ISE license return frequently and but I don't have a great wholistic view of the knobs and whistles that can be adjusted for tuning.

I have pointed people to the link below in addition to the Meraki link that you shared, but was looking for anything easier on the eyes.

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/118703-technote-wlc-00.html#anc7

In the interest of a current project I am running through 5 or 6 CL decks and will share if one has the wireless Accounting neatly packaged.

jorreyno · ‎07-17-2018

Following up on this, Craig's BRKSEC-3699 has a slide referencing the tuning of wireless NADs, but I still cannot find a good description of a L2 roaming (fast roaming with CCKM) scenarios, and the implication on ISE license return.

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116493-technote-technology-00.html#anc8