Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1247
Views
0
Helpful
4
Replies

Passive ID log off

Go to solution
m.markocevic
Level 1
Level 1

‎12-13-2017 05:20 AM

Hi,

how ISE receives notification when users is logged off.

Log on is registered as WMI events from the DC.

Is there a mechanism to notify ISE about log off event and trigger CoA that will kill the session on the switch.

BR Milan

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎12-13-2017 08:30 AM

PassiveID doesn't currently look for log off events from the DC.  The only mechanism to clear a PassiveID session is to use the endpoint probe or allow the global timeout to occur.

Regards,

-Tim

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎12-13-2017 08:30 AM

PassiveID doesn't currently look for log off events from the DC.  The only mechanism to clear a PassiveID session is to use the endpoint probe or allow the global timeout to occur.

Regards,

-Tim

0 Helpful

Go to solution
AminRamadan
Level 1
Level 1
In response to Timothy Abbott

‎08-14-2023 09:45 AM - edited ‎08-14-2023 10:19 AM

Thanks

 

Br

Aymen

0 Helpful

Go to solution
m.markocevic
Level 1
Level 1

‎12-14-2017 12:43 AM

Hi Tim,

global timeout is configured under PassiveID settings and default value is 24 hours. This means, all locally stored WMI received information on ISE will be deleted if user doesn't login to AD in 24 hours.

Second mechanism is the endpoint probe. Probe utilize NMPA profiling?  Is probing of PassiveID users automatic or we need to manually enable it?

Where can I fined more data about endpoint probe settings?

What is the goal of enabling SNMP on ISE for a network element. How SNMP data from switch helps ISE?

BR Milan

0 Helpful

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee
In response to m.markocevic

‎12-14-2017 07:52 AM

Hi,

Yes, the default value for global PassiveID timeout is 24 hours but can be configured to as little as 1 hour.  The Endpoint probe uses the AD credentials used to join PIC to AD to query the endpoint for the current user using WMI.  If the endpoint is currently setup up for remote monitoring using WMI, PIC will attempt to use ISEexec (based on PSexec) to configure the endpoint for remote WMI monitoring and try again.  The endpoint probe will attempt to query the endpoint for the current user every 4 hours.

Regards,

-Tim

0 Helpful
Customers Also Viewed These Support Documents