https://community.cisco.com/t5/network-access-control/cannot-get-coa-switch-to-bounce-port/m-p/2478446#M87737 <P>Hi, I am trying to clear up a VLAN change/IP addressing conflict and have configured the profile's associated CoA type to 'port bounce'. I also created an exception action to force CoA with an associate rule in the policy. </P><P></P><P>I can see the device hit the correct profile upon MAB, and the correct VLAN is applied to the port. However, I never see the port bounce occuring, so the deviec does not know to release/renew it's IP address.</P><P></P><P>Is there something I'm missing to get the CoA port bounce to happen? Here is my switchport config...</P><P></P><P>interface GigabitEthernet1/5</P><P> description ISE_TEST</P><P> switchport access vlan 32</P><P> switchport mode access</P><P> switchport voice vlan 64</P><P> ip access-group ACL-ALLOW in</P><P> logging event link-status</P><P> authentication event fail action next-method</P><P> authentication event server dead action authorize vlan 2700</P><P> authentication event server alive action reinitialize </P><P> authentication host-mode multi-auth</P><P> authentication open</P><P> authentication order dot1x mab</P><P> authentication priority dot1x mab</P><P> authentication port-control auto</P><P> authentication periodic</P><P> authentication timer restart 600</P><P> authentication timer reauthenticate server</P><P> authentication violation restrict</P><P> mab</P><P> dot1x pae authenticator</P><P> dot1x timeout tx-period 5</P><P> service-policy input QoS-Input-Policy</P><P> service-policy output QoS-Host-Port-Output-Policy</P><P>end</P> Mon, 11 Mar 2019 04:27:22 GMT Josh Morris 2019-03-11T04:27:22Z https://community.cisco.com/t5/network-access-control/cannot-get-coa-switch-to-bounce-port/m-p/2478446#M87737 <P>Hi, I am trying to clear up a VLAN change/IP addressing conflict and have configured the profile's associated CoA type to 'port bounce'. I also created an exception action to force CoA with an associate rule in the policy. </P><P></P><P>I can see the device hit the correct profile upon MAB, and the correct VLAN is applied to the port. However, I never see the port bounce occuring, so the deviec does not know to release/renew it's IP address.</P><P></P><P>Is there something I'm missing to get the CoA port bounce to happen? Here is my switchport config...</P><P></P><P>interface GigabitEthernet1/5</P><P> description ISE_TEST</P><P> switchport access vlan 32</P><P> switchport mode access</P><P> switchport voice vlan 64</P><P> ip access-group ACL-ALLOW in</P><P> logging event link-status</P><P> authentication event fail action next-method</P><P> authentication event server dead action authorize vlan 2700</P><P> authentication event server alive action reinitialize </P><P> authentication host-mode multi-auth</P><P> authentication open</P><P> authentication order dot1x mab</P><P> authentication priority dot1x mab</P><P> authentication port-control auto</P><P> authentication periodic</P><P> authentication timer restart 600</P><P> authentication timer reauthenticate server</P><P> authentication violation restrict</P><P> mab</P><P> dot1x pae authenticator</P><P> dot1x timeout tx-period 5</P><P> service-policy input QoS-Input-Policy</P><P> service-policy output QoS-Host-Port-Output-Policy</P><P>end</P> Mon, 11 Mar 2019 04:27:22 GMT https://community.cisco.com/t5/network-access-control/cannot-get-coa-switch-to-bounce-port/m-p/2478446#M87737 Josh Morris 2019-03-11T04:27:22Z https://community.cisco.com/t5/network-access-control/cannot-get-coa-switch-to-bounce-port/m-p/2478447#M87739 <P>please see the Port Bounce Configuration guide:</P><P>http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html#wp2021892</P> Wed, 12 Mar 2014 06:06:58 GMT https://community.cisco.com/t5/network-access-control/cannot-get-coa-switch-to-bounce-port/m-p/2478447#M87739 Naveen Kumar 2014-03-12T06:06:58Z https://community.cisco.com/t5/network-access-control/cannot-get-coa-switch-to-bounce-port/m-p/2478448#M87742 Did you fix this? Sat, 31 May 2014 22:28:24 GMT https://community.cisco.com/t5/network-access-control/cannot-get-coa-switch-to-bounce-port/m-p/2478448#M87742 bikespace 2014-05-31T22:28:24Z https://community.cisco.com/t5/network-access-control/cannot-get-coa-switch-to-bounce-port/m-p/2478449#M87747 <P>I did, but my issue was not related to the port bounce itself. It was because arp inspection was identifying the arp based off the ports initial VLAN. Once ISE changed the VLAN, ip arp was denying the port because the address had changed. I disabled arp inspection and it cleared up the issue.</P> Wed, 04 Jun 2014 15:38:20 GMT https://community.cisco.com/t5/network-access-control/cannot-get-coa-switch-to-bounce-port/m-p/2478449#M87747 Josh Morris 2014-06-04T15:38:20Z