Endpoint session on Cisco ISE 2.1

Hi,

I've installed ISE 2.1 with patch 1.

I have a question about session timing on Cisco ISE.

If a NAD receives an Access_Accept message for an endpoint, ISE installs a session that is visible in the Live Sessions section.

If the endpoint disconnects from the network, what is the timeout for that session?

Is it possible to tune this timer?

I tried to terminate the session with the CoA action on Live Sessions, but this action fails because my switch doesn't support CoA.

So I rebooted Cisco ISE, and the session was removed only after it reloaded.

If it is not possible to use the "terminate" functionality, is it possible to remove the session in another manner?

Thanks in advance

Antonio

1 ACCEPTED SOLUTION

Cisco Employee

Hi Antonio,

  • Terminated sessions are cleaned 15 minutes after termination.
  • If there is authentication but no accounting, then such sessions are cleared after one hour.
  • All inactive sessions are cleaned after seven days.

But your NAD should send accounting-start and stop messages for better functioning.

For manual removal you can use the method below, as mentioned in the link I pasted. You can view the section "Removing stale sessions".

http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/api_ref_guide/api_ref_book/ise_api_ref_ch2.html#pgfId-1072950

You might also be interested in the discussion below:

https://communities.cisco.com/thread/61587?start=0&tstart=0

Regards,

Kanwal

Note: Please mark answers if they are helpful.
