cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1698
Views
0
Helpful
3
Replies

C3PL Policy-Map Best Practice (ISE 2.X)

rwehe
Cisco Employee
Cisco Employee

I am wondering what the best practice is for a control policy for the event "event inactivity-timeout-match-all" and what the differences are between using "clear-session" and "unauthorize".

The Command Reference for IOS XE gives an example for both "clear-session" and "unauthorize" used in the event " event inactivity-timeout match-all". The IBNS 2.0 Deployment Guide shows three examples of using unauthorize for "event inactivity-timeout-match-all".

Can you please explain the differences between clear-session and unauthorize and when I should use one over the other?

Thank you!

3 Replies 3

hslai
Cisco Employee
Cisco Employee

This is not exactly limited to ISE 2.x so best for you to consult the switch team.

This is mainly affecting devices behind an IP phone or similar. The usual practice is to clear the sessions so to allow the affected devices to initiate new sessions when they are back online. You might want to use unauthorize to not allow the endpoints to initiate new sessions without admin interventions.

rwehe
Cisco Employee
Cisco Employee

Thank you, I have moved this question to the Switching community

fitzie
Level 1
Level 1

Do we really want to refer to guides/bast practices that are 10 years old?  All those links are older than ISE is.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: