10-10-2019 02:51 AM - edited 10-10-2019 04:32 AM
Hola ISE Community,
im facing the the following problem. I need a Port Bounce on some Clients after registering with MAB.
I can do that easily with options in "Live Sessions"
Everything works fine.
But now i need this to work automatically. So i tried it with the results like this:
Output Switch:
So i get the vlan 66 but no port bounce happens.... (ignore "IPv4 Address: Unknown".. there is no DHCP Server in this VLAN, just for testing)
Now you. Why does the portbounce not work?
Is something wrong with this command?
Thank you some much for your help.
Solved! Go to Solution.
10-25-2019 03:09 AM
@Mike.Cifelli wrote:
You av-pair looks correct to me. Have you attempted to run debug aaa coa on your NAD? I assume you have properly configured dynamic-author since it works when you trigger it manually. What are you attempting to accomplish with the desired port bounce? Are you unable to potentially profile the devices you wish to have a port bounce, auto register the mac, and setup the profile coa to do a port bounce?
i recommend checking out the prescriptive wired guides and profiler guides
I don't think its going to work with port bounce, what do you expect the flow to do? If you bounce the port you come back again and get into a loop? You need to put the endpoints into a group with vlan assigned to that group
if device unknown, profile, assign to profile endpoint group, this will cause a port bounce
if now known endpoint group then assign authz profile with vlan
10-10-2019 05:35 AM
10-25-2019 03:09 AM
@Mike.Cifelli wrote:
You av-pair looks correct to me. Have you attempted to run debug aaa coa on your NAD? I assume you have properly configured dynamic-author since it works when you trigger it manually. What are you attempting to accomplish with the desired port bounce? Are you unable to potentially profile the devices you wish to have a port bounce, auto register the mac, and setup the profile coa to do a port bounce?
i recommend checking out the prescriptive wired guides and profiler guides
I don't think its going to work with port bounce, what do you expect the flow to do? If you bounce the port you come back again and get into a loop? You need to put the endpoints into a group with vlan assigned to that group
if device unknown, profile, assign to profile endpoint group, this will cause a port bounce
if now known endpoint group then assign authz profile with vlan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide