Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4898
Views
0
Helpful
1
Replies

Endpoint session on Cisco ISE 2.1

Go to solution
antonio.dinapoli
Level 1
Level 1

‎11-09-2016 12:39 PM - edited ‎03-11-2019 12:13 AM

Hi,

I've installed ISE 2.1 with patch 1.

I have a question about session timing on Cisco ISE.

If a NAD receives an Access_Accept message for an endpoint, ISE installs a session that is visible on Live session section.

If the endpoint disconnects from the network, which is the timeout for that session?

Is it possible to tune this timer?

I try to terminate the session with the CoA Action on Live Session but this action fails because my switch doesn't support CoA.

So I reboot Cisco ISE and only after its reloading the session is removed.

In a case that it is not possible to use the "terminate" functionality, is it possible to remove the session in another manner?

Thanks in advance

Antonio

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎11-09-2016 02:19 PM

Hi Antonio,

  • Terminated sessions are cleaned 15 minutes after termination.
  • If there is authentication but no accounting, then such sessions are cleared after one hour.
  • All inactive sessions are cleaned after seven days.

But your NAD should send accounting-start and stop message for better functioning.

For manual removal you can use below method as mentioned in the link i pasted. You can view section "Removing stale sessions".

http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/api_ref_guide/api_ref_book/ise_api_ref_ch2.html#pgfId-1072950

You might also be interested in below discussion:

https://communities.cisco.com/thread/61587?start=0&tstart=0

Regards,

Kanwal

Note: Please mark answers if they are helpful.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎11-09-2016 02:19 PM

Hi Antonio,

  • Terminated sessions are cleaned 15 minutes after termination.
  • If there is authentication but no accounting, then such sessions are cleared after one hour.
  • All inactive sessions are cleaned after seven days.

But your NAD should send accounting-start and stop message for better functioning.

For manual removal you can use below method as mentioned in the link i pasted. You can view section "Removing stale sessions".

http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/api_ref_guide/api_ref_book/ise_api_ref_ch2.html#pgfId-1072950

You might also be interested in below discussion:

https://communities.cisco.com/thread/61587?start=0&tstart=0

Regards,

Kanwal

Note: Please mark answers if they are helpful.

0 Helpful
Customers Also Viewed These Support Documents