
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-11-2017 08:29 AM
Hi Team.
I just wanna ask. when user still connected to network using dot1x or portal ( guest ). then i try to change the configuration on Cisco ISE ( ex. Change vlan result on authorization policy ) why not affect to the user ?
The user have to reauthenticate to get new configuration
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-11-2017 09:17 AM
Policy changes do not impact users authenticated with prior policy. Doing such could potentially have a significant negative impact if ISE was to constantly issue CoA's for every policy change. Today you can issue CoA from Live Log for users authorized to a specific policy, but realize the potential impact if issue CoA for hundreds or thousands of sessions at once.
By default, the new policy will take effect on next connection or session reauth timer.
Craig
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-11-2017 09:17 AM
Policy changes do not impact users authenticated with prior policy. Doing such could potentially have a significant negative impact if ISE was to constantly issue CoA's for every policy change. Today you can issue CoA from Live Log for users authorized to a specific policy, but realize the potential impact if issue CoA for hundreds or thousands of sessions at once.
By default, the new policy will take effect on next connection or session reauth timer.
Craig
