Cisco Support Community
Community Member

No ISE licenses consumed for active telnet sessions to NAC switches?

Our ISE does not consume any licenses when we log in (telnet/ssh) to our NAC switches.

The switches are set up with aaa accounting start/stop config.

 

Is that a normal behavior or have we missed any special aaa accounting config?

According to a TCP dump at the ISE, start/stop RADIUS accounting messages are received at the ISE server.

5 REPLIES

Are you using the same username and password which are in the ISE local database or the referred database (AD, LDAP)?

If ISE has any rule-based / simple authentication policy for the user, then a license should be consumed here.

Community Member

Thanks for your input!

Yes, the user is in a referred AD database. We use an Authentication policy where we match on NAS-Port-Type=Virtual.

 

We currently use the following accounting configuration:

aaa accounting update periodic 5
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting connection default start-stop group radius
aaa accounting system default start-stop group radius

I have also seen this before. I will need to double check in the lab, but I don't think the counter will increment because there is not any AAA session ID to track that session with. Also, with the service type set to login, that might be why the counter may not increment.
Tarik Admani *Please rate helpful posts*
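
An added example, not part of any post in this thread: a small Python decoder for the UDP payload of a RADIUS Accounting-Request taken from a capture like the one mentioned in the question, reporting the fields the replies refer to (Acct-Session-Id, Service-Type, NAS-Port-Type). Attribute codes and values are from RFC 2865/2866; the sample packet is constructed, and the decoder only reports what the switch sent, not how ISE counts licenses.

```python
import struct

# Attribute type codes from RFC 2865 / RFC 2866.
NAMES = {1: "User-Name", 6: "Service-Type", 40: "Acct-Status-Type",
         44: "Acct-Session-Id", 61: "NAS-Port-Type"}
INTEGER_ATTRS = {6, 40, 61}
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}

def parse_accounting(packet: bytes) -> dict:
    """Return the attributes of interest from one Accounting-Request payload."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 4:  # 4 = Accounting-Request
        raise ValueError(f"not an Accounting-Request (code {code})")
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the captured data")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad length for attribute {atype}")
        value = packet[pos + 2:pos + alen]
        if atype in INTEGER_ATTRS:
            if len(value) != 4:
                raise ValueError(f"attribute {atype} is not a 32-bit integer")
            attrs[NAMES[atype]] = struct.unpack("!I", value)[0]
        elif atype in NAMES:
            attrs[NAMES[atype]] = value.decode("utf-8", "replace")
        pos += alen
    return attrs

def summarize(attrs: dict) -> dict:
    """Flag the fields the replies above point at."""
    return {"status": STATUS.get(attrs.get("Acct-Status-Type"), "unknown"),
            "has_session_id": "Acct-Session-Id" in attrs,
            "service_type_login": attrs.get("Service-Type") == 1,  # 1 = Login
            "nas_port_virtual": attrs.get("NAS-Port-Type") == 5}   # 5 = Virtual

def build_sample(pairs) -> bytes:
    """Constructed test packet; the all-zero authenticator is a placeholder."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in pairs)
    return struct.pack("!BBH", 4, 1, 20 + len(body)) + bytes(16) + body

u32 = lambda n: struct.pack("!I", n)
SAMPLE = build_sample([(1, b"admin"), (6, u32(1)), (40, u32(1)), (61, u32(5))])

if __name__ == "__main__":
    print(summarize(parse_accounting(SAMPLE)))
```
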