06-05-2019 11:29 AM
Hi,
A customer is using Meraki switches and ISE in distributed mode with F5 load-balancers in 2 data centers. Since Meraki switches do not have 802.1X timeouts and do not re-authenticate sessions, the customer is wondering what will be the behavior when they bring down the F5 VIP in DC1 as well as the PSNs in DC1 for maintenance. The only keepalives sent by the Meraki swithches are RADIUS accounting updates.
What will happen when the PSNs in DC2 receive that RADIUS accounting update with no corresponding sessions? Will they initiate a new session of just drop it? Should the customer initiate a CoA for all the sessions on PSNs in DC1 so they restart on the PSNs in DC2 before bringing them completely down so all the sessions restart on these PSNs?
Thanks
Solved! Go to Solution.
06-29-2019 08:10 PM
The current behavior is that the account updates to PSN2 will take over the sessions for the endpoints in M&T session directory.
06-29-2019 08:10 PM
The current behavior is that the account updates to PSN2 will take over the sessions for the endpoints in M&T session directory.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide