Change CoA Type for Printers Only

Walker
Level 1

Greetings ISE Community,

I am attempting to resolve an issue where our printers are not automatically reauthenticating after a VLAN change. I must go to each port and manually bounce it. Other endpoint types do not seem to have this issue and will reauthenticate on their own after I change the VLAN on the port. In our Global Settings, CoA Type is set to Reauth and in all of our profiling policies the Associated CoA Type is set to use the Global Setting.

My question is, do I need to identify each printer's profiling policy and change the Associated CoA Type to Port Bounce instead of the Global Setting of Reauth? Will this allow each printer to reauth on its own after a VLAN change while not affecting any of the other endpoint types? If not, is there any other recommended course of action to address this issue?

Thank you for your time.

2 Accepted Solutions

Greg Gibbs
Cisco Employee

The issue is likely not related to the printer reauthenticating, but rather that the printer gets an IP address in the starting VLAN and is not aware of the VLAN change to request a new IP address in the new VLAN. This is a common problem in general with using dynamic VLAN assignment.

See the following post for a similar discussion and some suggested workarounds.

Dhcp Renew for ISE Dynamic Vlan 

Very interesting. Out of the many different endpoint types, the various types of printers seem to be the only ones that are unaware of a change. In a large environment, manually shut/no shutting every port becomes cumbersome. Thank you for the link. I will look into the Smart Ports suggestion in the thread you linked but I'm unsure how feasible that will be for our environment.

3 Replies

hslai
Cisco Employee

If you are seeing the printers re-authenticated upon being profiled as a printer profile, resulting in a change of VLAN, then yes, the CoA type should be port bounce. You could set it as the global setting if the majority of your endpoints need a port bounce after profiling, or override it per profiler policy if it is only a small portion.