cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
921
Views
0
Helpful
3
Replies
rwehe
Cisco Employee

C3PL Policy-Map Best Practice (ISE 2.X)

I am wondering what the best practice is for a control policy for the event "event inactivity-timeout-match-all" and what the differences are between using "clear-session" and "unauthorize".

The Command Reference for IOS XE gives an example for both "clear-session" and "unauthorize" used in the event " event inactivity-timeout match-all". The IBNS 2.0 Deployment Guide shows three examples of using unauthorize for "event inactivity-timeout-match-all".

Can you please explain the differences between clear-session and unauthorize and when I should use one over the other?

Thank you!

3 REPLIES 3
hslai
Cisco Employee

This is not exactly limited to ISE 2.x so best for you to consult the switch team.

This is mainly affecting devices behind an IP phone or similar. The usual practice is to clear the sessions so to allow the affected devices to initiate new sessions when they are back online. You might want to use unauthorize to not allow the endpoints to initiate new sessions without admin interventions.

rwehe
Cisco Employee

Thank you, I have moved this question to the Switching community

fitzie
Beginner

Do we really want to refer to guides/bast practices that are 10 years old?  All those links are older than ISE is.