Problem:
ISE consumed license exceeded, but active sessions are less than consumed licenses.
Solution 1:
- Enter the command: #
Application configure ise
- It will list out the
Option to choose the command
- [1]Reset M&T Session
Database
- Press 1 and Enter
- #Please note that, reset
MNT session DB will restart the service, MW recommended. **
- After this finish choose
the below:
- [5]Refresh Database
Statistics
- Press 5 and Enter
Solution 2:
On a windows 10 PC \windows\system32\
curl -X DELETE --ssl-no-revoke -u admin https://ise-server/admin/API/mnt/Session/Delete/All
or to ignore cert error
curl -X DELETE -k -u admin https://ise-server/admin/API/mnt/Session/Delete/All
will see status SUCCESSFUL returned,
Verify:
https://ise-server/admin/API/mnt/Session/ActiveCount
https://ise-server/admin/API/mnt/Session/ActiveList
https://developer.cisco.com/docs/identity-services-engine/3.0/#!using-api-calls-for-session-management/stale-sessions
To manually delete a stale session for a MAC address, issue the following API call on the command line:
curl -X DELETE https://<mntnode>/admin/API/mnt/Session/Delete/MACAddress/<xx:xx:xx:xx>
=============
Problem:
login ISE with external AD group, don't see device list
You must have an ISE Admin Group mapped to an
AD group. when you create the external admin users, please assign it to the ISE
Admin Group you created instead of the Super Admin group.
Then go to Admin Access>> Authorization,
RBAC Policy, locate your ISE Admin group, in the permission column, click plus
sign to add "Super Admin Data Access" along with "Super Admin
Menu Access"
Secondary PAP
Problem:
MAB failed
Comments
Post a Comment