cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

299
Views
1
Helpful
2
Replies
Cisco Employee

SNMP CoA in third party NAD documentation

Hi,


According to our famous Cisco Identity Services Engine Network Component Compatibility, Release 2.2 - Cisco we do require Radius CoA for many functions:

Whouldn't it be more accurate to say that we require CoA instead of Radius CoA? We now have SNMP CoA.

Regards

Roman

1 ACCEPTED SOLUTION

Accepted Solutions
Advocate

Re: SNMP CoA in third party NAD documentation

In general, that is correct, but not all flows and use cases that entail CoA have been validated using SNMP such as MDM, TrustSec, and ANC operations.   Also, due to the fact that SNMP CoA does not allow for a "soft" reauth or push, the client connection is typically disruptive (port shut/no shut) and relies on what I termed "session stitching" to bind the pre- and post-CoA sessions.  This logic is linked to specific flows.

Similarly, URL Redirection with walled garden approach was not validated for all redirect flows (more specifically MDM) but that is more of a test exercise since the basic principles should apply to any session that requires redirection.

/Craig

2 REPLIES 2
Highlighted
Cisco Employee

Re: SNMP CoA in third party NAD documentation

BTW, the same applies to URL Redirect with the Walled Garden approach...

Advocate

Re: SNMP CoA in third party NAD documentation

In general, that is correct, but not all flows and use cases that entail CoA have been validated using SNMP such as MDM, TrustSec, and ANC operations.   Also, due to the fact that SNMP CoA does not allow for a "soft" reauth or push, the client connection is typically disruptive (port shut/no shut) and relies on what I termed "session stitching" to bind the pre- and post-CoA sessions.  This logic is linked to specific flows.

Similarly, URL Redirection with walled garden approach was not validated for all redirect flows (more specifically MDM) but that is more of a test exercise since the basic principles should apply to any session that requires redirection.

/Craig