09-11-2017 08:29 AM
Hi Team.
I just wanna ask. when user still connected to network using dot1x or portal ( guest ). then i try to change the configuration on Cisco ISE ( ex. Change vlan result on authorization policy ) why not affect to the user ?
The user have to reauthenticate to get new configuration
Solved! Go to Solution.
09-11-2017 09:17 AM
Policy changes do not impact users authenticated with prior policy. Doing such could potentially have a significant negative impact if ISE was to constantly issue CoA's for every policy change. Today you can issue CoA from Live Log for users authorized to a specific policy, but realize the potential impact if issue CoA for hundreds or thousands of sessions at once.
By default, the new policy will take effect on next connection or session reauth timer.
Craig
09-11-2017 09:17 AM
Policy changes do not impact users authenticated with prior policy. Doing such could potentially have a significant negative impact if ISE was to constantly issue CoA's for every policy change. Today you can issue CoA from Live Log for users authorized to a specific policy, but realize the potential impact if issue CoA for hundreds or thousands of sessions at once.
By default, the new policy will take effect on next connection or session reauth timer.
Craig
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide