01-09-2018 01:18 PM - edited 03-08-2019 01:21 PM
I am wondering what the best practice is for a control policy for the event "event inactivity-timeout-match-all" and what the differences are between using "clear-session" and "unauthorize".
The Command Reference for IOS XE gives an example for both "clear-session" and "unauthorize" used in the event " event inactivity-timeout match-all". The IBNS 2.0 Deployment Guide shows three examples of using unauthorize for "event inactivity-timeout-match-all".
Can you please explain the differences between clear-session and unauthorize and when I should use one over the other?
Thank you!
01-10-2018 01:54 PM
This is not exactly limited to ISE 2.x so best for you to consult the switch team.
This is mainly affecting devices behind an IP phone or similar. The usual practice is to clear the sessions so to allow the affected devices to initiate new sessions when they are back online. You might want to use unauthorize to not allow the endpoints to initiate new sessions without admin interventions.
01-10-2018 05:22 PM
Thank you, I have moved this question to the Switching community
02-27-2020 06:07 AM
Do we really want to refer to guides/bast practices that are 10 years old? All those links are older than ISE is.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide