cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
601
Views
0
Helpful
2
Replies
Highlighted
Cisco Employee

C3PL Policy-Map Best Practice (ISE 2.X)

I am wondering what the best practice is for a control policy for the event "event inactivity-timeout-match-all" and what the differences are between using "clear-session" and "unauthorize".

The Command Reference for IOS XE gives an example for both "clear-session" and "unauthorize" used in the event " event inactivity-timeout match-all". The IBNS 2.0 Deployment Guide shows three examples of using unauthorize for "event inactivity-timeout-match-all".

Can you please explain the differences between clear-session and unauthorize and when I should use one over the other?

Thank you!

Everyone's tags (5)
2 REPLIES 2
Cisco Employee

Re: C3PL Policy-Map Best Practice (ISE 2.X)

This is not exactly limited to ISE 2.x so best for you to consult the switch team.

This is mainly affecting devices behind an IP phone or similar. The usual practice is to clear the sessions so to allow the affected devices to initiate new sessions when they are back online. You might want to use unauthorize to not allow the endpoints to initiate new sessions without admin interventions.

Cisco Employee

Re: C3PL Policy-Map Best Practice (ISE 2.X)

Thank you, I have moved this question to the Switching community

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards