Solved: Cisco ISE Configuration

nohfendi1 · ‎09-11-2017

Hi Team.

I just wanna ask. when user still connected to network using dot1x or portal ( guest ). then i try to change the configuration on Cisco ISE ( ex. Change vlan result on authorization policy ) why not affect to the user ?

The user have to reauthenticate to get new configuration

Craig Hyps · ‎09-11-2017

Policy changes do not impact users authenticated with prior policy. Doing such could potentially have a significant negative impact if ISE was to constantly issue CoA's for every policy change. Today you can issue CoA from Live Log for users authorized to a specific policy, but realize the potential impact if issue CoA for hundreds or thousands of sessions at once.

By default, the new policy will take effect on next connection or session reauth timer.

Craig

View solution in original post

Craig Hyps · ‎09-11-2017

Policy changes do not impact users authenticated with prior policy. Doing such could potentially have a significant negative impact if ISE was to constantly issue CoA's for every policy change. Today you can issue CoA from Live Log for users authorized to a specific policy, but realize the potential impact if issue CoA for hundreds or thousands of sessions at once.

By default, the new policy will take effect on next connection or session reauth timer.

Craig

Cisco ISE Configuration

ISE - Field Notice: FN74259 - Configuration Change Recomendado

[注意喚起]ISE 3.2でのconfiguration backupのrestoreに関して

Doc - Implementación y Configuración de Cisco ISE

Doc-Cisco ISE Posture p/ VPN de Acceso Remoto con Cisco Secure Client

[注意喚起]ISE 3.2および3.3でのconfiguration backupのrestoreに関してその2