Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
678
Views
0
Helpful
3
Replies

ISE and session monitoring

Go to solution
Arne Bier
VIP
VIP

‎12-04-2017 08:19 PM

Hi

Is there a simple answer to this question?  What constitutes a 'Session' in ISE, and how is a session created (based on Account Session ID or Audit Session ID)?

When I look at the Operations > RADIUS > LiveSessions I can see a bunch of entries - what is the difference between Started and Authenticated, since both of them seem to be triggered on an Accounting Start?

In the context of Guest Wireless, I have observed that the Cisco WLC creates a session as soon as MAB is triggered.

Once that user logs into the Guest portal and then successfully authenticates, the WLC creates a new session.

Example below of what I am seeing  (it would be nice to have the Title (top) Row frozen ... I think someone may have raised that previously)

Will ISE create a session if the NAS doesn't send any accounting records?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎12-04-2017 09:00 PM

ISE sessions are keying off endpoint IDs -- mostly RADIUS calling station IDs or MAC addresses in case of AnyConnect VPN providing ACIDEX.

Without RADIUS accounting start on a matching endpoint ID, then a session stays in Authenticated state after authentication.

CWA guest sessions maintain the same sessions from MAB to Guest auth until accounting stops.

Yes, ISE will have a session for an endpoint without RADIUS accounting.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
hslai
Cisco Employee
Cisco Employee

‎12-04-2017 09:00 PM

ISE sessions are keying off endpoint IDs -- mostly RADIUS calling station IDs or MAC addresses in case of AnyConnect VPN providing ACIDEX.

Without RADIUS accounting start on a matching endpoint ID, then a session stays in Authenticated state after authentication.

CWA guest sessions maintain the same sessions from MAB to Guest auth until accounting stops.

Yes, ISE will have a session for an endpoint without RADIUS accounting.

0 Helpful

Go to solution
Arne Bier
VIP
VIP
In response to hslai

‎12-04-2017 10:18 PM

thanks.  I tried to make sense of it by sorting the columns. OMG. I can't get the sorting to work.  The little icon appears to indicate ascending/descending, but nothing happens.  ISE 2.3 - another bug ?  Tried Firefox and Chrome.  It seems no sorting works in RADIUS or TACACS Live Logs either.

Not having a great ISE day. My PAN node crashed today when I tried deleting 300 out of a total of 600 endpoints (TAC case for this too).  I don't think it's up to the job anymore.  Am I asking too much?

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to Arne Bier

‎12-10-2017 11:46 PM

CSCvf21319 is an existing bug on the sorting problem in ISE live sessions. The bug might take another day or two before externally visible.

Please continue working with TAC on the server crash triggered by deleting endpoints.

0 Helpful
Customers Also Viewed These Support Documents