Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2938
Views
5
Helpful
3
Replies

No active sessions for selected MAC address

Go to solution
rpidcock@bankrcb.net
Level 1
Level 1

‎09-22-2020 04:34 AM

We are running ISE 2.6.0.156 Patch 6.

 

Seeing what appears to be active sessions within Context Visibility --> Endpoints.  Whenever I try to select a specific device and then perform a COA Session Reauth I receive the error message as indicated in the title.  Also I notice when going to live sessions that I do not show a live session for the specific node, however if I go into the CLI of the specific switch I can see with "show access-session" command that there is an established active session.

 

Has anyone run across this issue?  

h

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎09-22-2020 09:03 PM

Not enough information to understand what might going on.

It could simply be that you do not have RADIUS Accounting configured so the endpoint/user was authenticated but there is no session for ISE to control with a COA. What do the ISE LiveLogs and Live Sessions say about it?

See ISE Secure Wired Access Prescriptive Deployment Guide > Preparing a Switch for Identity-Based Network Access to verify you have accounting configured correctly.

View solution in original post

3 Replies 3

Go to solution
thomas
Cisco Employee
Cisco Employee

‎09-22-2020 09:03 PM

Not enough information to understand what might going on.

It could simply be that you do not have RADIUS Accounting configured so the endpoint/user was authenticated but there is no session for ISE to control with a COA. What do the ISE LiveLogs and Live Sessions say about it?

See ISE Secure Wired Access Prescriptive Deployment Guide > Preparing a Switch for Identity-Based Network Access to verify you have accounting configured correctly.

Go to solution
ade5
Level 1
Level 1

‎10-03-2020 08:52 AM

To test , go into the switch where that endpoint is plugged in and simple clear the session and monitor if it reauthenticates.

Look at the live session logs and validate. Then check the context visibility if its still the same. If it is try and delete it . This should send CoA to reauth that device. Recheck to see if its still the same case.

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎10-03-2020 11:08 AM

thomas is correct on this.

ISE will clean up a session faster if only auth requests but no accounting start. With accounting start, ISE will still clean up a session if no other activities (posture, profiling, reauth, accounting updates) for 5 days.

0 Helpful
Customers Also Viewed These Support Documents