Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
826
Views
0
Helpful
1
Replies

ISE Behavior with Meraki MS switches RADIUS Accounting update

Go to solution
slevesqu
Cisco Employee
Cisco Employee

‎06-05-2019 11:29 AM

Hi,

 

A customer is using Meraki switches and ISE in distributed mode with F5 load-balancers in 2 data centers. Since Meraki switches do not have 802.1X timeouts and do not re-authenticate sessions, the customer is wondering what will be the behavior when they bring down the F5 VIP in DC1 as well as the PSNs in DC1 for maintenance. The only keepalives sent by the Meraki swithches are RADIUS accounting updates.

 

What will happen when the PSNs in DC2 receive that RADIUS accounting update with no corresponding sessions? Will they initiate a new session of just drop it? Should the customer initiate a CoA for all the sessions on PSNs in DC1 so they restart on the PSNs in DC2 before bringing them completely down so all the sessions restart on these PSNs?

 

Thanks

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎06-29-2019 08:10 PM

The current behavior is that the account updates to PSN2 will take over the sessions for the endpoints in M&T session directory.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
hslai
Cisco Employee
Cisco Employee

‎06-29-2019 08:10 PM

The current behavior is that the account updates to PSN2 will take over the sessions for the endpoints in M&T session directory.

0 Helpful
Customers Also Viewed These Support Documents