https://community.cisco.com/t5/network-access-control/ise-2-3-trustsec-configuration-for-nexus-1000v/m-p/3092667#M25457 <P>Unless something dramatic has changed in the code, the N1Kv does not support CoA.&nbsp;</P> <P></P> <P>You can use the <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010111.html#task_ECEA0697E37149238F54C051B97F0306">CLI(SSH)</A> instead.&nbsp; That is a link to ISE 2.1 documentation, but the steps are identical in 2.3. </P> <P>If you simply need the N1Kv to be aware of changes you have made in ISE configuration (such as in the TrustSec Matrix or SGACL, which would normally be pushed to a device via CoA), you can use a simple CLI command in NX-OS.&nbsp;</P> <P></P> <P style="margin-bottom: .0001pt;"><STRONG><SPAN style="font-size: 10.0pt; line-height: 107%; font-family: 'Anonymous Pro'; color: #7030a0;">N1kv# cts refresh role-based-policy</SPAN></STRONG></P> Sun, 13 Aug 2017 17:57:19 GMT jonathan.cuthbert 2017-08-13T17:57:19Z https://community.cisco.com/t5/network-access-control/ise-2-3-trustsec-configuration-for-nexus-1000v/m-p/3092666#M25456 <P>Hi,&nbsp;</P> <P>i am struggeling with the configuration of my Nexus 1000. In the&nbsp;Cisco TrustSec Quick Start Configuration Guide, in the section Defining TrustSec Devices within ISE it is mentioned to configure the option "Send configuration changes to device" to use CoA.</P> <P>There is a following note "The step above configures communication between the 3650 and ISE. The step must be repeated to configure the communication between the Nexus1000v and ISE."</P> <P>But it seems the Nexus is not capable of receiving CoA messages. Because ISE is giving me this error "11213 No response received from Network Access Device after sending a Dynamic Authorization request "</P> <P>How can I&nbsp;update changes of&nbsp;my policies to the Nexus 1000v?</P> <P></P> <P>thanks for your feedback</P> <P>Alex</P> <P></P> Mon, 11 Mar 2019 07:56:09 GMT https://community.cisco.com/t5/network-access-control/ise-2-3-trustsec-configuration-for-nexus-1000v/m-p/3092666#M25456 alex.dersch 2019-03-11T07:56:09Z https://community.cisco.com/t5/network-access-control/ise-2-3-trustsec-configuration-for-nexus-1000v/m-p/3092667#M25457 <P>Unless something dramatic has changed in the code, the N1Kv does not support CoA.&nbsp;</P> <P></P> <P>You can use the <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010111.html#task_ECEA0697E37149238F54C051B97F0306">CLI(SSH)</A> instead.&nbsp; That is a link to ISE 2.1 documentation, but the steps are identical in 2.3. </P> <P>If you simply need the N1Kv to be aware of changes you have made in ISE configuration (such as in the TrustSec Matrix or SGACL, which would normally be pushed to a device via CoA), you can use a simple CLI command in NX-OS.&nbsp;</P> <P></P> <P style="margin-bottom: .0001pt;"><STRONG><SPAN style="font-size: 10.0pt; line-height: 107%; font-family: 'Anonymous Pro'; color: #7030a0;">N1kv# cts refresh role-based-policy</SPAN></STRONG></P> Sun, 13 Aug 2017 17:57:19 GMT https://community.cisco.com/t5/network-access-control/ise-2-3-trustsec-configuration-for-nexus-1000v/m-p/3092667#M25457 jonathan.cuthbert 2017-08-13T17:57:19Z https://community.cisco.com/t5/network-access-control/ise-2-3-trustsec-configuration-for-nexus-1000v/m-p/3092668#M25458 <P>Hi Jonathan,&nbsp;</P> <P>thanks for your reply, just testing while I am writing this lines.</P> <P>I assume this is also valid for the Neus 5K switches.</P> <P>Best regards</P> <P>Alex</P> Sun, 13 Aug 2017 18:10:02 GMT https://community.cisco.com/t5/network-access-control/ise-2-3-trustsec-configuration-for-nexus-1000v/m-p/3092668#M25458 alex.dersch 2017-08-13T18:10:02Z