topic Hi, in Network Access Control https://community.cisco.com/t5/network-access-control/ise-2-2-coa-fails/m-p/3081293#M23695 <P>Hi,</P> <P></P> <P>I've managed to Solve this issue, i've changed the authentication profile on ISE .</P> <P>we were using eap-fast, and for some reason eap chaining was not enabled. once i've enabled it, it started working fine.</P> Sun, 30 Apr 2017 09:30:16 GMT snir_orlanczyk 2017-04-30T09:30:16Z ISE 2.2 COA fails https://community.cisco.com/t5/network-access-control/ise-2-2-coa-fails/m-p/3081292#M23694 <P>Hello,</P> <P>We have installed Cisco ISE 2.2 as our NAC system.</P> <P>After Posturing the ISE send a COA packet to the 2960-X switch.</P> <P>But we see COA failed with the following result:</P> <H3 class="title">Result</H3> <TABLE class="content_table" border="0"> <TBODY> <TR> <TD width="31%">RadiusPacketType</TD> <TD id="eapKey" width="69%">CoANAK</TD> </TR> <TR> <TD width="31%">Reply-Message</TD> <TD id="eapKey" width="69%">No valid Session</TD> </TR> <TR> <TD width="31%">Error-Cause</TD> <TD id="eapKey" width="69%">Session Context Not Found</TD> </TR> </TBODY> </TABLE> <P></P> <P></P> <P>Our Switch configuration:</P> <P>aaa new-model<BR />aaa group server radius radius_ISE-PSN<BR /> server name ISE-PSN-01<BR /> server name ISE-PSN-02<BR />aaa authentication dot1x default group radius_ISE-PSN<BR />aaa authorization network default group radius_ISE-PSN <BR />aaa accounting delay-start all<BR />aaa accounting update periodic 120<BR />aaa accounting auth-proxy default start-stop group radius_ISE-PSN<BR />aaa accounting dot1x default start-stop group radius_ISE-PSN<BR />aaa server radius dynamic-author<BR /> client 1.1.1.1<BR /> client <SPAN>1.</SPAN><SPAN>1.1.2</SPAN><BR />server-key&nbsp;&lt;KEY&gt;<BR /> auth-type all<BR />aaa session-id common</P> <P>radius-server attribute 6 on-for-login-auth<BR />radius-server attribute 8 include-in-access-req<BR />radius-server attribute 25 access-request include<BR />radius-server attribute 31 mac format ietf upper-case<BR />radius-server attribute 31 send nas-port-detail mac-only</P> <P>radius-server dead-criteria time 5 tries 3<BR />radius-server retransmit 5<BR />radius-server deadtime 10<BR />radius-server accounting system host-config<BR />radius server ISE-PSN-01<BR /> address ipv4 1.1.1.1&nbsp;auth-port 1645 acct-port 1646<BR /> key&nbsp;&lt;KEY&gt;<BR />radius server ISE-PSN-02<BR /> address ipv4 1<SPAN>1.1.1.2</SPAN>&nbsp;auth-port 1645 acct-port 1646<BR /> key <SPAN>&lt;KEY&gt;</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>interface GigabitEthernet1/0/21<BR /> switchport access vlan&nbsp;1<BR /> switchport mode access<BR /> authentication host-mode multi-host<BR /> authentication port-control auto<BR /> dot1x pae authenticator<BR /> dot1x timeout tx-period 10<BR /> spanning-tree portfast<BR /><BR /></SPAN></P> <P><SPAN>show version <BR />Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.0(2)EX4</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>Any ideas why the COA fails?</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>Thanks!</SPAN></P> Mon, 11 Mar 2019 07:30:48 GMT https://community.cisco.com/t5/network-access-control/ise-2-2-coa-fails/m-p/3081292#M23694 snir_orlanczyk 2019-03-11T07:30:48Z Hi, https://community.cisco.com/t5/network-access-control/ise-2-2-coa-fails/m-p/3081293#M23695 <P>Hi,</P> <P></P> <P>I've managed to Solve this issue, i've changed the authentication profile on ISE .</P> <P>we were using eap-fast, and for some reason eap chaining was not enabled. once i've enabled it, it started working fine.</P> Sun, 30 Apr 2017 09:30:16 GMT https://community.cisco.com/t5/network-access-control/ise-2-2-coa-fails/m-p/3081293#M23695 snir_orlanczyk 2017-04-30T09:30:16Z Re: ISE 2.2 COA fails https://community.cisco.com/t5/network-access-control/ise-2-2-coa-fails/m-p/3350476#M23696 <P>In my environment we are not using ERP-FAST configuration.&nbsp;</P> Sun, 18 Mar 2018 14:17:41 GMT https://community.cisco.com/t5/network-access-control/ise-2-2-coa-fails/m-p/3350476#M23696 rajesh.mohapatra1 2018-03-18T14:17:41Z