Reauth timer in common tasks ISE authz profile

Ciscorocks · ‎10-12-2021

Hi,

I am wondering what the reason/purpose is of the reauth timer in the common tasks portion of an authz profile in ISE. I understand it is for keeping the endpoint connecting during re-authentication..is the time configure (in seconds) how long the endpoint stays connected during reauth? I read some docs but would like a more in depth answer. Any help is appreciated.

Thanks!

Marcelo Morais · ‎10-13-2021

Hi @Ciscorocks ,

please take a look at: ISE Admin Guide 3.0, search for Common Tasks.

Spoiler

Reauthentication: Enable this option to keep the endpoint connected during reauthentication. You choose to maintain connectivity during reauthentication by choosing to use RADIUS-Request (1). The Default - RADIUS-Request (0) disconnects the existing session. You can also set an inactivity timer.

Reauthentication: Enable this option to keep the endpoint connected during reauthentication. You choose to maintain connectivity during reauthentication by choosing to use RADIUS-Request (1). The Default - RADIUS-Request (0) disconnects the existing session. You can also set an inactivity timer.

Note: RFC3580 3.19 Termination Action:

RADIUS-Request (1): indicates that re-authentication should occur on expiration of the Session-Time.

Default (RADIUS-Request (0) indicates that the session should terminate.

Please take a look at Attributes Details bellow:

Hope this helps !!!

Ciscorocks · ‎10-13-2021

Hey Marcelo,

Thanks I appreciate the response! It makes more sense now.