03-31-2014 03:45 AM - edited 03-10-2019 09:35 PM
Our ISE does not consume any licenses when we log in (telnet/ssh) to our NAC switches.
The switches are setup with aaa accounting start/stop config.
Is that a normal behavior or have we missed any special aaa accounting config?
According to a TCP dump at the ISE, start stop radius accounting message are received at the ISE server.
04-06-2014 10:09 PM
Are you using the same username and password which are in ISE local database or the referred database (AD , LDAP)?
04-10-2014 12:59 AM
If ISE has any rule based / simple authentication policy for user, then license should be consumed here.
04-10-2014 01:20 AM
Thanks for your input!
Yes, the user is in a referred AD database. We use an Authentication policy where we match on NAS-Port-Type=Virtual.
We currently use the follow accounting configuration:
aaa accounting update periodic 5
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting connection default start-stop group radius
aaa accounting system default start-stop group radius
04-11-2014 11:24 PM
04-10-2014 01:19 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: