06-12-2017 12:58 PM
I have a group of endpoints that MAB authenticate to the network and rarely change connection state (a/v and security endpoints). Many of these devices were showing up in ISE as "disconnected" until I added the "authenticate periodic" command at the suggestion of TAC. Now many, but not all, of the devices show up with status "connected". However, even for devices that show up as connected, there is no authentication data in the endpoint authentication tab. "Show authentication" on the switch indicates there was a successful MAB authentication. Further, I am unable to issue a CoA, presumably because ISE does not know about the active authentication.
Can someone explain in detail how ISE tracks endpoint connection status, the relationship to authentication, any relevant timers and the configuration required for ISE to maintain accurate connection status?
Thanks
06-14-2017 02:02 PM
ISE uses RADIUS accounting to maintain the state of the connection. I suggest verifying the AAA connection on the switch to ensure ISE is receiving those packets.
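Added illustration (not part of the thread and not Cisco's code): a simplified model of deriving connection state from RADIUS accounting records as defined in RFC 2866, which can be pointed at captured Accounting-Request payloads to confirm what the switch is sending. The sample packets, MAC addresses and session IDs are constructed, and `track` is a hypothetical model, not ISE's implementation.

```python
import struct

ACCT_REQUEST = 4                      # RFC 2866 packet code
CALLING_STATION_ID, ACCT_STATUS_TYPE, ACCT_SESSION_ID = 31, 40, 44
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}

def parse_accounting(packet: bytes) -> dict:
    """Decode one RADIUS Accounting-Request into the fields that identify a session."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    fields, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("truncated or malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        if atype == ACCT_STATUS_TYPE and len(value) == 4:
            n = struct.unpack("!I", value)[0]
            fields["status"] = STATUS.get(n, str(n))
        elif atype == CALLING_STATION_ID:
            fields["mac"] = value.decode("ascii", "replace").upper()
        elif atype == ACCT_SESSION_ID:
            fields["session"] = value.decode("ascii", "replace")
        pos += alen
    return fields

def track(packets) -> dict:
    """Fold accounting records into a per-MAC connected/disconnected view."""
    state = {}
    for pkt in packets:
        f = parse_accounting(pkt)
        if "mac" in f and "status" in f:
            state[f["mac"]] = "disconnected" if f["status"] == "Stop" else "connected"
    return state

def build(status: int, mac: str, session: str) -> bytes:
    """Construct a sample packet (zeroed authenticator, not valid on the wire)."""
    attrs = bytes([ACCT_STATUS_TYPE, 6]) + struct.pack("!I", status)
    for t, v in ((CALLING_STATION_ID, mac.encode()), (ACCT_SESSION_ID, session.encode())):
        attrs += bytes([t, len(v) + 2]) + v
    return struct.pack("!BBH", ACCT_REQUEST, 1, 20 + len(attrs)) + bytes(16) + attrs

# Constructed sample records: one endpoint still up, one that sent a Stop.
SAMPLES = [build(s, m, i) for s, m, i in (
    (1, "00-11-22-33-44-55", "0A000001"), (3, "00-11-22-33-44-55", "0A000001"),
    (1, "00-11-22-33-44-66", "0A000002"), (2, "00-11-22-33-44-66", "0A000002"))]
```

In this model an endpoint whose accounting records never arrive has no entry at all, regardless of whether its authentication succeeded on the switch.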