Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
577
Views
0
Helpful
1
Replies

Cisco ISE Configuration

Go to solution
nohfendi1
Level 1
Level 1

‎09-11-2017 08:29 AM

Hi Team.

I just wanna ask. when user still connected to network using dot1x or portal ( guest ). then i try to change the configuration on Cisco ISE ( ex. Change vlan result on authorization policy ) why not affect to the user ?

The user have to reauthenticate to get new configuration

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10

‎09-11-2017 09:17 AM

Policy changes do not impact users authenticated with prior policy.  Doing such could potentially have a significant negative impact if ISE was to constantly issue CoA's for every policy change.  Today you can issue CoA from Live Log for users authorized to a specific policy, but realize the potential impact if issue CoA for hundreds or thousands of sessions at once.

By default, the new policy will take effect on next connection or session reauth timer.

Craig

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Craig Hyps
Level 10
Level 10

‎09-11-2017 09:17 AM

Policy changes do not impact users authenticated with prior policy.  Doing such could potentially have a significant negative impact if ISE was to constantly issue CoA's for every policy change.  Today you can issue CoA from Live Log for users authorized to a specific policy, but realize the potential impact if issue CoA for hundreds or thousands of sessions at once.

By default, the new policy will take effect on next connection or session reauth timer.

Craig

0 Helpful
Customers Also Viewed These Support Documents