cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
722
Views
3
Helpful
4
Replies

What is the "Acct update timeout" field in show auth session detail

vv0bbLeS
Level 1
Level 1

Hello all,

When looking at show auth sessions int gx/x detail , I see a field called acct update timeout , and ours is set to 300 seconds with a countdown timer.

My questions are:

  1. What does this field mean?
  2. What resets the countdown timer?
  3. How can you change the value of 300 seconds?

 

You can see the Acct update timeout field from the output below:

 

sw1#show auth sessions int g2/0/9 det
            Interface:  GigabitEthernet2/0/9
               IIF-ID:  0x1234ABCD
          MAC Address:  1234.5678.9012
         IPv6 Address:  Unknown
         IPv4 Address:  x.x.x.x
            User-Name:  12-34-56-78-90-12
               Status:  Authorized
               Domain:  DATA
       Oper host mode:  multi-auth
     Oper control dir:  both
      Session timeout:  N/A
  Acct update timeout:  300s (local), Remaining: 7s
    Common Session ID:  1234567890ABCDEFGHIJKLMN
      Acct Session ID:  0x00001234
               Handle:  0x12340000
       Current Policy:  POLICY_Gi2/0/9


Local Policies:
        Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)
      Security Policy:  Should Secure

Server Policies:
       Filter-ID: ACL-ALLOW


Method status list:
       Method           State
        dot1x           Stopped
          mab           Authc Success

sw1#
0xD2A6762E
1 Accepted Solution

Accepted Solutions

@vv0bbLeS that is to send a periodic accounting update to RADIUS every 300 seconds to keep the session alive, the recommendation is to send every 2880 minutes (172,800 seconds).

RobIngram_0-1711569050608.png

https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

View solution in original post

4 Replies 4

The NAD send account info to AAA 

Either periodic (here timeout use) or newinfo. 

aaa accounting update [newinfo] [periodic number [jitter maximum max-value]]

MHM

@vv0bbLeS that is to send a periodic accounting update to RADIUS every 300 seconds to keep the session alive, the recommendation is to send every 2880 minutes (172,800 seconds).

RobIngram_0-1711569050608.png

https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

vv0bbLeS
Level 1
Level 1

@MHM Cisco World and @Rob Ingram thank you both for your answers! That's exactly what I needed to know! : )

0xD2A6762E

You are so so welcome 

MHM