https://community.cisco.com/t5/network-access-control/in-session-updates/m-p/3437657#M526451 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 10pt;">For wireless platform features, please ask the wireless product support teams.</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;">If no fast roaming enabled, I believe the roaming will trigger re-auth. This CVD might provide more info:</SPAN></P><P><A href="https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/Chapter-11.html" style="font-size: 10pt;">802.11r, 802.11k, 802.11v, 802.11w Fast Transition Roaming</A></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P></BODY></HTML> Wed, 04 Oct 2017 19:22:19 GMT hslai 2017-10-04T19:22:19Z https://community.cisco.com/t5/network-access-control/in-session-updates/m-p/3437654#M526448 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 11.36px; background-color: #e3f3ff;">In session updates. Does the system update authorization attributes on re-authentication only (next networking session) or can the system support in-session updates of authorization attributes based on the conditions and access control rules set by IT? </SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 11.36px; background-color: #e3f3ff;">Specifically, can the system support in-session updates: </SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 11.36px; background-color: #e3f3ff;">-On client re-authentication? </SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 11.36px; background-color: #e3f3ff;">-On client RADIUS accounting start or interim updates? </SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 11.36px; background-color: #e3f3ff;">-On client roam to a new AP? </SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 11.36px; background-color: #e3f3ff;">-On location change? </SPAN></P></BODY></HTML> Wed, 04 Oct 2017 08:05:36 GMT https://community.cisco.com/t5/network-access-control/in-session-updates/m-p/3437654#M526448 ashvaras 2017-10-04T08:05:36Z https://community.cisco.com/t5/network-access-control/in-session-updates/m-p/3437655#M526449 <HTML><HEAD></HEAD><BODY><P>Similar to your previous question...</P><P></P><P>On client reauthentication -- definitely</P><P>On RADIUS accountings -- not usually but possibly if an external system able to monitor the accounting info and then to issue CoA <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/api_ref_guide/api_ref_book/ise_api_ref_ch4.html">Using Change of Authorization REST APIs</A></P><P>On roaming -- this depends on how it is done by APs or controllers</P><P>On location change -- it would be a new authentication, if network devices changed. Besides that, ISE supports location-based authorization with Cisco MSE @ <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/compatibility/ise_sdt.html#pgfId-214582">Supported Cisco Mobility Services Engine Release</A></P></BODY></HTML> Wed, 04 Oct 2017 14:40:26 GMT https://community.cisco.com/t5/network-access-control/in-session-updates/m-p/3437655#M526449 hslai 2017-10-04T14:40:26Z https://community.cisco.com/t5/network-access-control/in-session-updates/m-p/3437656#M526450 <HTML><HEAD></HEAD><BODY><P>can you expand on what you mean for the "on-roaming"? We are using </P><P><SPAN style="color: #343537; font-family: -apple-system, 'Segoe UI Semilight', sans-serif; font-size: 14px; background-color: #f5f5f6;">WLC 8540</SPAN></P><P><SPAN style="color: #343537; font-family: -apple-system, 'Segoe UI Semilight', sans-serif; font-size: 14px; background-color: #f5f5f6;">AP 3702E</SPAN></P><P><SPAN style="color: #343537; font-family: -apple-system, 'Segoe UI Semilight', sans-serif; font-size: 14px; background-color: #f5f5f6;">AP 2802e</SPAN></P><P><SPAN style="color: #343537; font-family: -apple-system, 'Segoe UI Semilight', sans-serif; font-size: 14px; background-color: #f5f5f6;">AP 3802i</SPAN></P><P><SPAN style="color: #343537; font-family: -apple-system, 'Segoe UI Semilight', sans-serif; font-size: 14px; background-color: #f5f5f6;">AP1562E</SPAN></P></BODY></HTML> Wed, 04 Oct 2017 18:08:22 GMT https://community.cisco.com/t5/network-access-control/in-session-updates/m-p/3437656#M526450 ashvaras 2017-10-04T18:08:22Z https://community.cisco.com/t5/network-access-control/in-session-updates/m-p/3437657#M526451 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 10pt;">For wireless platform features, please ask the wireless product support teams.</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;">If no fast roaming enabled, I believe the roaming will trigger re-auth. This CVD might provide more info:</SPAN></P><P><A href="https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/Chapter-11.html" style="font-size: 10pt;">802.11r, 802.11k, 802.11v, 802.11w Fast Transition Roaming</A></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P></BODY></HTML> Wed, 04 Oct 2017 19:22:19 GMT https://community.cisco.com/t5/network-access-control/in-session-updates/m-p/3437657#M526451 hslai 2017-10-04T19:22:19Z