cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1666
Views
1
Helpful
4
Replies

Change from one static endpoint group to another cause CoA?

ciscosteve84
Cisco Employee
Cisco Employee

Will switching an endpoint from one static endpoint group to another static endpoint group result in a CoA?  If so, is this covered under the base license?

1 Accepted Solution

Accepted Solutions

Craig Hyps
Level 10
Level 10

In general, no it will not unless the change results in Authorization Policy change.  This would be triggered by the default Profiler Exception Actions.  Plus is required for Profiling, but it is possible to trigger CoA without a Plus license, for example, as part of a guest flow, or sent via API to MnT.

View solution in original post

4 Replies 4

Craig Hyps
Level 10
Level 10

In general, no it will not unless the change results in Authorization Policy change.  This would be triggered by the default Profiler Exception Actions.  Plus is required for Profiling, but it is possible to trigger CoA without a Plus license, for example, as part of a guest flow, or sent via API to MnT.

Thanks for the response.  The static endpoint group change does result in an AuthZ change.  After doing some testing we've found that we can apply a temp plus license, change the CoA type action to reauth/port bounce and then delete the plus license and the CoA will still work.  However, the customer said that after a reboot the CoA no longer worked until they re-added the temp plus license.  I am going to test that today but I'm unsure as to why that would be. 

CoA is not a binary function.  It can be triggered by many different functions.  As noted, the specific case which is trigger in your case is likely profiling which is activated with Plus license and lost if remove Plus license and reboot.  If customer wants this functionality, then would it not make sense to purchase some Plus licenses?

Understood.  I just wanted to make sure purchasing a plus license was the way to go for them.  Thanks for the help!