Solved: Alarms: COA Failed

sinady · ‎06-24-2021

Dear Team,

I'm facing issue with alarm "COA Failed"

it alert everyday and every minute.

Note: currently i using ISE 2.7 patch 3

Description

Network Device has denied the Change of Authorization request issued by ISE Policy Service nodes.

Suggested Actions

Ensure the Network Device is configured to accept Change of Authorization from ISE, Ensure if COA is issued on a valid session.

It could have any issue or impact to ISE server if it still happen everyday and every minute like this.

Really appreciated if anyone could help and advise on this.

Mike.Cifelli · ‎06-24-2021

You need to ensure that ISE is configured as a dynamic author on your NADs. That alarm means your devices are not properly configured to accept CoA from ISE. See: RADIUS Change of Authorization (cisco.com)

HTH!

View solution in original post

NiTech · ‎06-24-2021

Please check udp 1700 communication between sie and the NAD.

Also check dynamic authorization configured on switch

View solution in original post

Mike.Cifelli · ‎06-24-2021

You need to ensure that ISE is configured as a dynamic author on your NADs. That alarm means your devices are not properly configured to accept CoA from ISE. See: RADIUS Change of Authorization (cisco.com)

HTH!

NiTech · ‎06-24-2021

Please check udp 1700 communication between sie and the NAD.

Also check dynamic authorization configured on switch

sinady · ‎06-29-2021

Hi @NiTech , Thank for your information. Confirmed udp 1700 already allowed. but the issue still happened.

What you mean for this point "Also check dynamic authorization configured on switch"

Thank for your advise.