This document describes the "delete 20000 sessions alarm that might
appear on the Cisco Secure Access Control System (ACS) 5.x dashboard.
Note: This content was created by Dragana Radmilo, Cisco TAC
What is the "delete 20000 sessions" alarm I see on my ACS 5.x
A. This alert is informational and is generated because the ACS View keeps
track of authentication sessions.
The ACS View maintains all the sessions (RADIUS/TACACS
Authentication/Authorization/Accounting). It can keep only 250,000 sessions at
a time. Whenever it crosses 250k, it will try to delete 20k sessions, and will
send an alarm (the one that you see on the ACS
The ACS normally keeps track of the session authentications by
following accounting records ACCOUNT_START and ACCOUNT_STOP. However, if ACS
View does not get ACCOUNT_STOP records, the number of sessions will not be
decreased. As a result, any active sessions for which the ACS View does not
receive an ACCOUNT_STOP will remain and then expire after two days.
This is covered in Cisco bug ID
registered customers only)
Note: These messages are purely informational and do not impact