12-13-2017 05:20 AM
Hi,
how ISE receives notification when users is logged off.
Log on is registered as WMI events from the DC.
Is there a mechanism to notify ISE about log off event and trigger CoA that will kill the session on the switch.
BR Milan
Solved! Go to Solution.
12-13-2017 08:30 AM
PassiveID doesn't currently look for log off events from the DC. The only mechanism to clear a PassiveID session is to use the endpoint probe or allow the global timeout to occur.
Regards,
-Tim
12-13-2017 08:30 AM
PassiveID doesn't currently look for log off events from the DC. The only mechanism to clear a PassiveID session is to use the endpoint probe or allow the global timeout to occur.
Regards,
-Tim
08-14-2023 09:45 AM - edited 08-14-2023 10:19 AM
Thanks
Br
Aymen
12-14-2017 12:43 AM
Hi Tim,
global timeout is configured under PassiveID settings and default value is 24 hours. This means, all locally stored WMI received information on ISE will be deleted if user doesn't login to AD in 24 hours.
Second mechanism is the endpoint probe. Probe utilize NMPA profiling? Is probing of PassiveID users automatic or we need to manually enable it?
Where can I fined more data about endpoint probe settings?
What is the goal of enabling SNMP on ISE for a network element. How SNMP data from switch helps ISE?
BR Milan
12-14-2017 07:52 AM
Hi,
Yes, the default value for global PassiveID timeout is 24 hours but can be configured to as little as 1 hour. The Endpoint probe uses the AD credentials used to join PIC to AD to query the endpoint for the current user using WMI. If the endpoint is currently setup up for remote monitoring using WMI, PIC will attempt to use ISEexec (based on PSexec) to configure the endpoint for remote WMI monitoring and try again. The endpoint probe will attempt to query the endpoint for the current user every 4 hours.
Regards,
-Tim
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide