cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

3881
Views
0
Helpful
1
Replies
antonio.dinapoli
Beginner

Endpoint session on Cisco ISE 2.1

Hi,

I've installed ISE 2.1 with patch 1.

I have a question about session timing on Cisco ISE.

If a NAD receives an Access_Accept message for an endpoint, ISE installs a session that is visible on Live session section.

If the endpoint disconnects from the network, which is the timeout for that session?

Is it possible to tune this timer?

I try to terminate the session with the CoA Action on Live Session but this action fails because my switch doesn't support CoA.

So I reboot Cisco ISE and only after its reloading the session is removed.

In a case that it is not possible to use the "terminate" functionality, is it possible to remove the session in another manner?

Thanks in advance

Antonio

1 ACCEPTED SOLUTION

Accepted Solutions
Kanwaljeet Singh
Cisco Employee

Hi Antonio,

  • Terminated sessions are cleaned 15 minutes after termination.
  • If there is authentication but no accounting, then such sessions are cleared after one hour.
  • All inactive sessions are cleaned after seven days.

But your NAD should send accounting-start and stop message for better functioning.

For manual removal you can use below method as mentioned in the link i pasted. You can view section "Removing stale sessions".

http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/api_ref_guide/api_ref_book/ise_api_ref_ch2.html#pgfId-1072950

You might also be interested in below discussion:

https://communities.cisco.com/thread/61587?start=0&tstart=0

Regards,

Kanwal

Note: Please mark answers if they are helpful.

View solution in original post

1 REPLY 1
Kanwaljeet Singh
Cisco Employee

Hi Antonio,

  • Terminated sessions are cleaned 15 minutes after termination.
  • If there is authentication but no accounting, then such sessions are cleared after one hour.
  • All inactive sessions are cleaned after seven days.

But your NAD should send accounting-start and stop message for better functioning.

For manual removal you can use below method as mentioned in the link i pasted. You can view section "Removing stale sessions".

http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/api_ref_guide/api_ref_book/ise_api_ref_ch2.html#pgfId-1072950

You might also be interested in below discussion:

https://communities.cisco.com/thread/61587?start=0&tstart=0

Regards,

Kanwal

Note: Please mark answers if they are helpful.

View solution in original post

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel