Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
23278
Views
30
Helpful
4
Replies

Session-timeout on ISE 2.2

Go to solution
Mady
Level 4
Level 4

‎10-04-2017 01:01 AM - edited ‎02-21-2020 10:35 AM

I'm looking for session-timeout attribute on ISE 2.2. When I checked on attributes>Radius, I can't find that attribute.

 

I want to enable it because there are users which are disconnected randomly on wireless connection though we already set WLAN>Advanced>Enable Session timeout as 28800.

 

What I found was on AuthZ profile Re-authenticate check box.

 

Does the Radius attribute session-timeout is the same with AuthZ profile re-authenticate? If not, how can I add this session-timeout attribute on ISE?

 

I just want to make sure that authenticated users will have session of 28800 and will not be disconnected.

 

Thanks in advance!

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
agrissimanis
Level 1
Level 1
In response to Mady

‎10-04-2017 02:34 AM

You shouldn't need to do anything else to use session timeout attribute. On the Authorization profile that is assigned to the affected users, select "Reauthentication" checkbox and enter the value in seconds. You should also be able to specify it manually from the "Advanced attributes settings" section of the authorization profile, select "Radius:Session-Timeout". The result will be the same.

Then in the "Attributes details" section you will see currently configured attributes that will be sent to the WLC.

In the WLC you can then go to the Monitor -> Clients section, select the client, and look at the "Re-authentication timeout" value assigned to the client.

View solution in original post

4 Replies 4

Go to solution
agrissimanis
Level 1
Level 1

‎10-04-2017 01:47 AM

AuthZ profile re-authenticate is the same as "Enable Session Timeout" on WLC. Just make sure you also have "Allow AAA Override" enabled on that WLAN for this to work.

There are several reasons why clients could get disconnected. Do you also have "Client user idle timeout" enabled on the WLAN?

0 Helpful

Go to solution
Mady
Level 4
Level 4
In response to agrissimanis

‎10-04-2017 02:07 AM

Hi agrissimanis thanks for your reply! :)      

 

Client idle timeout is not enabled on WLAN.

 

How about the session timeout on Radius attribute. I've checked on Dictionary > IETF > Radius and found that there is session timeout attrubute #27. But when I will use it on the policy, it does not appear.

 

Is there any config on ISE that I need to enable before using the session timeout attribute?

 

 

 
0 Helpful

Go to solution
agrissimanis
Level 1
Level 1
In response to Mady

‎10-04-2017 02:34 AM

You shouldn't need to do anything else to use session timeout attribute. On the Authorization profile that is assigned to the affected users, select "Reauthentication" checkbox and enter the value in seconds. You should also be able to specify it manually from the "Advanced attributes settings" section of the authorization profile, select "Radius:Session-Timeout". The result will be the same.

Then in the "Attributes details" section you will see currently configured attributes that will be sent to the WLC.

In the WLC you can then go to the Monitor -> Clients section, select the client, and look at the "Re-authentication timeout" value assigned to the client.

Go to solution
Arne Bier
VIP
VIP
In response to agrissimanis

‎10-04-2017 04:32 PM

On the subject of setting a custom Session-Timeout in the Authorization profile, has anyone else noticed that in the Results sent to the NAS, ISE has a cosmetic bug and things the Session-Timeout is in milliseconds? 

This is a cosmetic bug because the radius attribute is correctly interpreted by the NAS in seconds, therefore the operation is not impacted.  I have raised this as a TAC case ages ago - no bug has been filed as yet.

milliseconds.png 

Customers Also Viewed These Support Documents